Five SCADA security considerations

July 18, 2019
Allan Evora, president and executive manager at system integrator Affinity Energy, provides insights.

Because insecure remote access programs and applications can let intrusions leapfrog firewall configurations and other perimeter protections, they're among the most popular avenues for probes, hacks, malware downloads and other attacks. To lock out unauthorized and potentially destructive access, Allan Evora, president and executive manager at system integrator Affinity Energy, outlined "Five SCADA security considerations" in a Feb. 6, 2018, blog post on his firm's website. Located in Charlotte, N.C., Affinity is a member of the Control System Integrators Association. The five steps are:

  • Restrict in-house and remote system access to authorized users only, and assign role-based access levels based on the data, applications and network areas that employees, contractors and vendors need to do their jobs. Also, don't allow guest/default accounts, because many applications and computers have pre-installed guest accounts that are often accessible via default password lists that hackers can capture with algorithms.
  • Update SCADA and other application passwords every 60-90 days, and use longer passwords of 10-15 characters, which are more difficult to crack.
  • Require unique credentials for each user, and don't let users share usernames or passwords, because sharing prevents administrators from seeing each user's actions. Again, don't use default usernames or passwords because they're easily Googled and used by potential intruders. Also, secure login screens by limiting login attempts.
  • Use two-factor authentication, which requires more than a username and password, to protect remote applications from brute-force password attacks. Two-factor authentication requires two of three items: something the user knows, like a password; something the user has access to, like a code or phone number sent to a smartphone; or something the user is, like a biometric fingerprint.
  • Properly configure firewalls by establishing access control lists that set the firewalls' rules for who is trusted to gain access and what data is allowed to leave. This is basically whitelisting and blacklisting IP addresses to restrict network traffic as much as possible. Also, set up virtual private networks (VPNs) for users requiring remote access.
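
The account-related considerations above (no guest/default accounts, role assignment, 60-90 day password rotation, 10-15 character passwords, unique credentials, limited login attempts and two-factor authentication for remote access) can be checked against an export of SCADA accounts. The following is an added example, not code from Evora's post or from Affinity Energy; the CSV column names, the sample rows and the list of default logins are assumptions.

```python
import csv
import io
from datetime import date

# Thresholds taken from the five considerations above.
MAX_PASSWORD_AGE_DAYS = 90   # "every 60-90 days"
MIN_PASSWORD_LENGTH = 10     # "10-15 characters"
# Assumed list of default logins; extend it for the products actually on site.
DEFAULT_NAMES = {"guest", "admin", "administrator", "default"}

# Constructed sample export; the column names are assumptions.
SAMPLE_EXPORT = """username,owners,role,password_changed,min_length,remote,two_factor,lockout_after
jdoe,J. Doe,operator,2019-06-20,12,yes,yes,5
guest,,,2017-01-01,0,no,no,0
hmi1,A. Lee;B. Kim,operator,2019-05-01,8,no,no,5
vendor_x,Vendor X support,maintenance,2019-07-01,12,yes,no,5
"""

def audit_account(row, today):
    """Return the list of policy findings for one account record."""
    findings = []
    owners = [o for o in row["owners"].split(";") if o.strip()]
    if row["username"].lower() in DEFAULT_NAMES:
        findings.append("default or guest account")
    if len(owners) != 1:
        findings.append("credentials not tied to exactly one user")
    if not row["role"]:
        findings.append("no role assigned")
    age = (today - date.fromisoformat(row["password_changed"])).days
    if age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password {age} days old")
    if int(row["min_length"]) < MIN_PASSWORD_LENGTH:
        findings.append("enforced password length below 10")
    if row["remote"] == "yes" and row["two_factor"] != "yes":
        findings.append("remote access without two-factor authentication")
    if int(row["lockout_after"]) == 0:
        findings.append("login attempts not limited")
    return findings

def audit_export(text, today):
    """Map each username in the CSV export to its findings (empty list = compliant)."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["username"]: audit_account(row, today) for row in reader}

if __name__ == "__main__":
    for user, findings in audit_export(SAMPLE_EXPORT, date(2019, 7, 18)).items():
        print(user, "->", findings or "ok")
```
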
About the author: Jim Montague
Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 
