Cybersecurity-to-do-list3
  1. Protect
  2. Cybersecurity

Five SCADA security considerations

July 18, 2019
Allan Evora, president and executive manager at system integrator Affinity Energy, provides insights.

Because insecure remote access programs and applications can let intrusions leapfrog firewall configurations and other perimeter protections, they're among the most popular avenues for probes, hacks, malware downloads and other attacks. To lock out unauthorized and potentially destructive access, Allan Evora, president and executive manager at system integrator Affinity Energy, reported on "Five SCADA security considerations" in a Feb. 6, 2018, blog post on his firm's website. Located in Charlotte, N.C., Affinity is a member of the Control System Integrators Association. These five steps are:

  • Restrict in-house and remote system access to only authorized users, and assign role-based access levels based on the data, applications and network areas that employees, contractors and vendors need to do their jobs. Also, don't allow guest/default accounts because many applications and computers have pre-installed guest accounts that are often accessible via default password lists that hackers can capture with algorithms.
  • Update SCADA and other application passwords every 60-90 days, and use longer passwords with 10-15 characters that are more difficult to crack.
  • Require unique credentials for each user, and don't let them share usernames or passwords because it prevents administrators from having visibility of each user's actions. Again, don't use default usernames or passwords because they're easily Googled and used by potential intruders. Also, secure login screens by limiting login attempts. 
  • Use two-factor authentication that requires more than a username and password to protect remote applications from brute force password attacks. Two-factor authentication requires two of three items: something the user knows like a password, something the user has access to like a code or phone number sent to a smart phone, or something the user is like a biometric fingerprint.
  • Properly configure firewalls by establishing access control lists that dictate rules for the firewalls on who is trusted to access it and what data is allowed to leave. This is basically whitelisting and blacklisting IP addresses to restrict network traffic as much as possible. Also, set up virtual private networks (VPN) for users requiring remote access.
About the author: Jim Montague
JimMontague0609
Jim Montague is executive editor of Control. He can be contacted at [email protected].
About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 

Email

Continue Reading

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...

Latest from Cybersecurity

Most Read

Sponsored