
AVEVA™ Plant SCADA

Secure systems through authentication and authorization


  • Last Updated Jul 19, 2024

Typically, ICS software comprises a large number of systems, each accessed by a variety of users, including engineers, operators and managers. Each type of user requires a different level of access, so user authentication and authorization must be managed to secure the system.

Authentication

Authentication is the process of verifying the identity of a user or system. Authentication can be managed in the following ways:

  • Within the ICS software through application accounts

  • Through Windows accounts, which can be local to a single computer

  • Through authentication systems (see the next section for details)

While ICS software allows for user and role management, it can become cumbersome and complicated to manage a large number of user accounts as employees and roles change. Because of this, use of Windows accounts is generally preferred.

Authentication systems

Authentication systems such as Active Directory and Lightweight Directory Access Protocol (LDAP), referred to as authentication servers, are a repository of all system accounts and individual user accounts and provide centralized management for them. An authentication protocol is used for all communication between authentication servers and the user or server requesting authentication.

Although authentication systems provide improved scalability, the following factors must be considered, depending on the size and complexity of your operations:

  • It is important that the authentication servers are highly secured.

  • The authentication server system creates a single system for managing all system accounts. Therefore, it must be available at all times. To ensure minimal disruption during an emergency, redundancy must be considered.

  • Permit caching of user credentials only for users who have authenticated their identity recently.

  • Networks that support the authentication protocol must be reliable and secure to assist in trouble-free authentication.

It may also be worthwhile to implement two-factor authentication using additional applications such as PingID.

Authorization

Authorization is the process of providing the correct level of privileges to users by applying access rules to authenticated users, systems (HMIs, field devices and SCADA servers) and networks (remote sites' LANs).
