Secure Communications in Harsh Environments, Part 3

Posted: September 27, 2012 in Rethink Remote Access, VPN

Editor’s Note: This is part three in a three-part series on remote access in harsh environments. Part one of the series details the emergence of harsh environment threats, while part two covers the risks of outdoor access points.

By Patrick Oliver Graf, General Manager NCP engineering

VPN: The Indispensable Barrier

So how do you secure SCADA systems against such attacks? The answer is simple: with the same measures as a regular corporate network. This means providing a protective mechanism, such as a firewall, between the regulation and control units and external Internet traffic. Firewalls analyze each access to the system and block suspicious traffic or access to certain ports.

Furthermore, IPsec VPNs with DES or AES encryption are essential. When data traffic is sent through protected tunnels, it’s impossible for hackers to listen in on the data packets of PLCs, Local Control Units or RTUs, analyze them and draw conclusions about the technologies and systems employed in the SCADA network at hand. If the SCADA infrastructure is decentralized and has endpoints in various locations, it is sensible to implement an additional VPN server and a gateway. Here, the gateway acts as firewall and guardian by deciding which data from which systems receives network access.
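The gateway's role as "firewall and guardian" can be sketched as a default-deny decision over tunnelled flows. This is an added example, not code from NCP or from the original post; the addresses, the rule set and the `decide` function are constructed for illustration, with Modbus/TCP (502) and DNP3 (20000) assumed as the control protocols.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    src_net: str   # VPN tunnel address pool of a remote site (constructed)
    dst_net: str   # destination inside the control network (constructed)
    proto: str
    port: int

# Constructed allowlist: which remote systems may reach which control units.
ALLOW = [
    Rule("10.8.1.0/24", "192.168.50.10/32", "tcp", 502),    # operator clients -> PLC, Modbus/TCP
    Rule("10.8.2.0/24", "192.168.50.20/32", "tcp", 20000),  # field RTUs -> master station, DNP3
]

def decide(flow: dict, rules=ALLOW) -> str:
    """Return "allow" only for tunnelled flows that match a rule; deny everything else."""
    # Traffic that did not arrive through an authenticated tunnel never reaches the control network.
    if not flow.get("via_tunnel", False):
        return "deny"
    try:
        src = ipaddress.ip_address(flow["src"])
        dst = ipaddress.ip_address(flow["dst"])
    except (KeyError, ValueError):
        return "deny"  # malformed or incomplete flow records fail closed
    for r in rules:
        if (src in ipaddress.ip_network(r.src_net)
                and dst in ipaddress.ip_network(r.dst_net)
                and flow.get("proto") == r.proto
                and flow.get("port") == r.port):
            return "allow"
    return "deny"  # default deny: no matching rule

# Constructed sample flows, as a gateway might see them.
SAMPLE_FLOWS = [
    {"via_tunnel": True,  "src": "10.8.1.5",    "dst": "192.168.50.10", "proto": "tcp", "port": 502},
    {"via_tunnel": False, "src": "203.0.113.9", "dst": "192.168.50.10", "proto": "tcp", "port": 502},
    {"via_tunnel": True,  "src": "10.8.2.7",    "dst": "192.168.50.10", "proto": "tcp", "port": 502},
    {"via_tunnel": True,  "src": "10.8.1.5",    "dst": "192.168.50.10", "proto": "tcp", "port": 22},
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(decide(f), f["src"], "->", f["dst"], f["proto"], f["port"])
```

Only the first sample flow is allowed: the second bypasses the tunnel, the third comes from a site with no rule for that PLC, and the fourth targets a port that is not on the allowlist.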

Today, controls, data capturing systems and automation systems are as prone to hacker attacks as PCs, servers and notebooks in a LAN. Therefore, those systems need the same amount of protection. This is especially true for systems with remote access connections. Remote access requires the use of VPNs and the corresponding servers, clients and gateways. That makes a VPN indispensable, even in harsh environments.
