ICS Cyber Security Use Case #1 - What would you do about default passwords

Aug. 30, 2010

I continue to be reminded there has been too much discussion on problems and not enough on solutions (even though we keep finding new problems).  What seems obvious to me may not seem as obvious to others. To address those concerns, I will provide a series of ICS cyber security use cases to get your feedback on how you would address these actual cases. 

Use case 1 – Default passwords. There are reasons for keeping default passwords (rarely changed passwords generally known to many users) in an ICS. However, IT security policy and the NERC CIPs require default passwords to be changed to “strong” passwords and changed periodically. In a benign office environment, this won’t cause unacceptable conditions. In an industrial setting such as a power plant, this can also be acceptable during normal operation. However, during an upset condition when personnel are under high stress, trying to remember whether a slash is forward or backward can be a real problem, especially if there isn’t a “yellow sticky” on the computer screen, which in itself is a security problem. One possibility for addressing the default password issue would be the use of biometrics. How would you address the default password issue in an operational environment without adversely impacting the safe and reliable operation of the facility?

Joe Weiss
