Therefore, several of the rules for hardening automation systems apply to these systems as well. From an automation system perspective, protection and control relays are at the bottom of the hierarchy, closest to the actual main processes. It is important to apply the “defense-in-depth” information security concept, whereby each layer in the system is capable of protecting the automation system, and therefore the protection and control relays are part of this concept. The following points should be considered when planning system protection.
– Recognize and familiarize yourself with all parts of the system and the system’s communication links
– Remove all unnecessary communication links from the system
– Rate the safety level of the remaining connections and improve them using applicable methods
– Harden the system by removing or deactivating all unused processes, communication ports, and services
– Check that all applicable parts of the entire system are backed up
– Collect and store backups of system components and keep them up to date
– Remove all unnecessary user accounts
– Define password policies
– Change default passwords and use strong passwords
– Check that strong encryption and authentication are used for links from the substation to higher-level systems
– Separate public (untrusted) from automated (trusted) networks
– Isolate traffic and networks
– Use firewalls and demilitarized zones
– Evaluate systems regularly
– Use malware protection in workstations and keep it up to date
It is important to utilize defense-in-depth concepts when designing automated system security. Connecting devices directly to the Internet is not recommended without adequate additional security components. Security controls should be used for the different layers and interfaces in the system. In addition to product features, strong security means enabling and using available features and enforcing their use according to company policy. Proper training of personnel accessing and using the system is also required.