Editor’s Note: This is part three in a three-part series on remote access in harsh environments. Part one of the series details the emergence of harsh environment threats, while part two covers the risks of outdoor access points.
By Patrick Oliver Graf, General Manager, NCP engineering
VPN: The Indispensable Barrier
So then, how do you secure SCADA systems against such attacks? The answer is simple: with the same measures as a regular corporate network. This means providing a protective mechanism, such as a firewall, between the regulation and control units and external Internet traffic. Firewalls analyze each access to the system and block suspicious traffic or access to certain ports.
Furthermore, IPsec VPNs, with DES or AES encryption, are essential. When protected tunnels are used to send data traffic, it’s impossible for hackers to listen in on the data packets of PLCs, Local Control Units or RTUs, analyze them and draw conclusions about the technologies and systems employed in the SCADA network at hand. If the SCADA infrastructure is decentralized and has endpoints in various locations, it is sensible to implement an additional VPN server and a gateway. In this setup, the gateway acts as firewall and guardian, deciding which data from which systems receives network access.
Today, controls, data capturing systems and automation systems are just as prone to hacker attacks as the PCs, servers and notebooks in a LAN. Therefore, those systems need the same amount of protection. This is especially true for systems with remote access connections. And remote access requires the use of VPNs and the corresponding servers, clients and gateways. With that, a VPN is indispensable – even in harsh environments.