ICS Cyber Security Use Case #1 - What would you do about default passwords

Aug. 30, 2010

I continue to be reminded there has been too much discussion on problems and not enough on solutions (even though we keep finding new problems).  What seems obvious to me may not seem as obvious to others. To address those concerns, I will provide a series of ICS cyber security use cases to get your feedback on how you would address these actual cases. 

I continue to be reminded there has been too much discussion on problems and not enough on solutions (even though we keep finding new problems).  What seems obvious to me may not seem as obvious to others. To address those concerns, I will provide a series of ICS cyber security use cases to get your feedback on how you would address these actual cases. 

Use case 1 – Default passwords. There are reasons for keeping default passwords (rarely changed changed passwords generally known to many users) in an ICS.  However, IT security policy and the NERC CIPs require default passwords to be changed to “strong” passwords and changed periodically. In a benign office environment, this won’t cause unacceptable conditions. In an industrial setting such as a power plant, this can also be acceptable during normal operation. However, during an upset condition when personnel are under high stress, trying to remember whether a slash is forward or backward can be a real problem especially if there isn’t a “yellow sticky” on the computer screen which in itself is a security problem. One possibility of addressing the default password issue would be the use of biometrics. How would you address the default password issue in an operational environment without adversely impacting the safe and reliable operation of the facility?

Joe Weiss

Sponsored Recommendations

Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...