Of late a number of articles are appearing on impact of stuxnet worm on process safety and it is an eye opener for me. Though, I am bothered about safety of my computer at home and office, it never occurred to me that this can lead to accidents in plants which are operated from computers. Possibly, this is due to the fact that only limited sections are operated from computers in the facilities which I saw all along.
Now that I am aware of this stuxnet worm and its cousins that can affect process safety, I though what we can do to prevent such process safety hazards and following are some that came to my mind.
1. As the worm has to enter through internet / removable disks, these computers should not be connected to internet.
2. There should not be any provision to use pen drives, floppy drives, CDs.
3. Realtime protection from viruses, worms, etc should be available. For this realtime protection program loading, the server system should be under lock and key control of a senior officer. If it is affected, then this man only is the channel for viruses/worms to enter the system.
4. A realtime standby system operating on a different mode should be available (diversity in redundancy).
5. Backup should be taken in every shift.
6. The persons manning the control room should change their dress totally in the change room and enter with company provided dress before entering control room / server room.
7. Control room, server room, etc should be under surveillance.
8. As it is seen in the movie Die Hard (2?) of taking over all control systems by connecting from distance, the cables connecting servers with plant data monitoring and control cables should be secured and any attempt to interfere should be sensed and alarmed.
9. Like railway gangmen check the rail tracks regularly, cable system should be checked physically also by authorized staff.
Above are some thoughts which came to me for ensuring process safety from worms like stuxnet. I have to understand about how plants are operated from computers and what are their defence systems.