
Five SCADA security considerations

July 18, 2019
Allan Evora, president and executive manager at system integrator Affinity Energy, provides insights.

Because insecure remote access programs and applications can let intrusions leapfrog firewall configurations and other perimeter protections, they're among the most popular avenues for probes, hacks, malware downloads and other attacks. To lock out unauthorized and potentially destructive access, Allan Evora, president and executive manager at system integrator Affinity Energy, reported on "Five SCADA security considerations" in a Feb. 6, 2018, blog post on his firm's website. Located in Charlotte, N.C., Affinity is a member of the Control System Integrators Association. These five steps are:

  • Restrict in-house and remote system access to only authorized users, and assign role-based access levels based on the data, applications and network areas that employees, contractors and vendors need to do their jobs. Also, don't allow guest/default accounts because many applications and computers have pre-installed guest accounts that are often accessible via default password lists that hackers can capture with algorithms.
  • Update SCADA and other application passwords every 60-90 days, and use longer passwords with 10-15 characters that are more difficult to crack.
  • Require unique credentials for each user, and don't let users share usernames or passwords because sharing prevents administrators from seeing each user's actions. Again, don't use default usernames or passwords because they're easily Googled and used by potential intruders. Also, secure login screens by limiting login attempts.
  • Use two-factor authentication that requires more than a username and password to protect remote applications from brute force password attacks. Two-factor authentication requires two of three items: something the user knows, like a password; something the user has access to, like a code or phone number sent to a smart phone; or something the user is, like a biometric fingerprint.
  • Properly configure firewalls by establishing access control lists that set the firewalls' rules for who is trusted for access and what data is allowed to leave. This is basically whitelisting and blacklisting IP addresses to restrict network traffic as much as possible. Also, set up virtual private networks (VPN) for users requiring remote access.
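
The account-related items in this list can be checked mechanically. The following Python audit is an added example, not code from Evora's post or from Affinity Energy: the 90-day and 10-character thresholds come from the list above, while the record fields, the default-name list and the sample accounts are constructed assumptions.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90   # upper end of the 60-90 day rotation window
MIN_PASSWORD_LENGTH = 10     # lower end of the 10-15 character guidance
DEFAULT_NAMES = {"guest", "admin", "administrator", "operator", "user"}  # assumed list


def audit_accounts(accounts, today):
    """Return {username: [findings]} for accounts that break the checklist."""
    findings = {}
    for acct in accounts:
        issues = []
        if acct["username"].lower() in DEFAULT_NAMES:
            issues.append("guest/default account name")
        if len(acct["people"]) > 1:
            issues.append("credential shared by %d people" % len(acct["people"]))
        age = (today - acct["password_set"]).days
        if age > MAX_PASSWORD_AGE_DAYS:
            issues.append("password is %d days old" % age)
        if acct["policy_min_length"] < MIN_PASSWORD_LENGTH:
            issues.append("password policy allows %d characters" % acct["policy_min_length"])
        if acct["remote"] and not acct["two_factor"]:
            issues.append("remote access without two-factor authentication")
        if not acct["lockout_after"]:
            issues.append("no limit on login attempts")
        if issues:
            findings[acct["username"]] = issues
    return findings


# Constructed sample inventory (hypothetical field names and values).
TODAY = date(2024, 6, 1)
ACCOUNTS = [
    {"username": "jsmith", "people": ["J. Smith"], "password_set": date(2024, 5, 1),
     "policy_min_length": 12, "remote": True, "two_factor": True, "lockout_after": 5},
    {"username": "guest", "people": [], "password_set": date(2019, 7, 18),
     "policy_min_length": 6, "remote": False, "two_factor": False, "lockout_after": 0},
    {"username": "hmi_shift", "people": ["A. Lee", "B. Cruz", "C. Wu"],
     "password_set": date(2024, 4, 15), "policy_min_length": 10,
     "remote": True, "two_factor": False, "lockout_after": 5},
]

if __name__ == "__main__":
    for user, issues in audit_accounts(ACCOUNTS, TODAY).items():
        for issue in issues:
            print("%s: %s" % (user, issue))
```
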
About the author: Jim Montague

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 
