I’m back with another exciting installment on SCADA security. Today I want to cover authentication and System redundancy.
It should be obvious, but authentication takes on an even more important role in securing SCADA environments. If you can’t protect the traffic coming in, you should at least ensure that the traffic is coming from a trusted source. This is one of the most emphasized points in the U.S. governments’ SCADA compliance (we see different countries having similar requirements for the SCADA/PCD environments throughout the world). I’m also glad to say that this is one part of compliance that most customers comply with because it’s easy and there is no business risk. You can send out a token and presto! Two-factor authentication is in place. That’s what the law requires and that’s what most companies that need to comply do. Yes, I was very specific in my wording. They send out one token to each of their component manufacturers set up one shared account for each of their equipment suppliers. In other words, they comply but completely miss the point.