As web-based SCADA, cloud technology, and remote access to SCADA and HMI systems becomes more widespread, there’s a move toward managing remote SCADA systems from across buildings, or even across town. With SCADA security an omnipresent concern, how can supervisors protect their Remote Terminal Units (RTUs) from direct or indirect malicious attacks and negligence? Here are some best practices to protect access to RTUs, both through physical security and the SCADA/HMI security built into SCADA software like InduSoft Web Studio.
Protect Physical Access
The first step to protecting RTUs is always physical access restriction. Depending on the remote site, this may be in the form of door alarms with coded entries, or fences around the remote perimeter. Eliminate all unnecessary ports, such as USB slots. The importance of the RTU will determine how extensive physical security must be to remain efficient, but maintaining some account of access to the physical unit is advisable.
SCADA/HMI software like InduSoft Web Studio provides built in security measures, such as support for Microsoft Active Directory using the LDAP protocol. Make use of these built-in features. Individual usernames and passwords are essential for accountability. User restrictions may also be used to prevent low-level users from accessing high-level functions. This access restriction has the side benefit of helping developers streamline applications. By ensuring that operators see only the information relevant to them, it is possible to keep the interface uncluttered and reduce the risk of error.
Another important aspect of traceability is the ability to trace the origin of commands or process changes. By determining if commands issue from a trusted central server or a RTU, it’s possible to help pinpoint where weak points in security are occurring, as well as follow threats back to the source.
Protect the Content
InduSoft Web Studio supports Secure Socket Layer (SSL) to encrypt data exchanged between the server and thin clients. Using this feature along with other native tools from the SCADA software to protect the application against cyber attacks will significantly enhance the security level of the SCADA system.
Keep Ahead of the Curve
Not all threats can be anticipated, but many can be avoided through proper vigilance. One important step in protecting RTUs is to ensure that your SCADA software is fully up-to-date. Install patches, hotfixes, and service packs as soon as they are available to close any security gaps your SCADA software may have. Being proactive can also help increase the efficiency of your operation. Downloading updated drivers as they are released is a good way to ensure that the application is running at maximum efficiency.