THE MAGAZINE FOR THE FUTURE BY TÜV SÜD

NEW CYBERSECURITY LAW FOR PRESSURE EQUIPMENT

—— In spring 2021, it was widely reported in the media that there had been an attempted cyberattack against a water treatment plant in Oldsmar, Florida. Apparently, malicious hackers had remotely taken over its systems and tried to poison the water. Evidence of any actual system breach could not be found—but many vulnerabilities in the plant’s systems were discovered.

TEXT DAVID LÜTKE

The treatment plant, like other facilities with boilers and pressurized vessels, belongs to a class of facilities that are legally required to have monitoring systems. To avoid economic losses due to downtimes, and obviously to help avoid major accidents, these plants are subject to special provisions—although not as extensively and not for as long as one might think.

A law specifically for installations subject to monitoring only came into effect in 2021. The Act on the Adaptation of the Product Safety Act and Reorganization of the Law on Installations Requiring Monitoring defines the obligations for operators of such systems and those for inspecting agencies, and also deals with approval and testing procedures.

Now this law is being further expanded and augmented with specific details. To ensure higher safety standards for pipe systems, pressurized vessels and boiler systems in an era of increasing networking and digitization, the topic of cybersecurity was rolled into the regulations this spring. Risk assessments, new documentation requirements and compulsory operative measures were added in order to help avoid software glitches and cyberattacks.

Operators are required to have their systems undergo regular inspections. As a partner and expert in the field of machine safety, TÜV SÜD is the first port of call for this, and will be offering advice during an online event in December.

MORE ARTICLES