General information about security infrastructure
- Last Updated: Aug 12, 2024
The security infrastructure comprises many components that support the supervisory and control system. Each component should be reviewed and classified by how critical it is to operations and how exposed it is to attack. Policies and procedures must then be defined for auditing and maintaining the required security level of each component.
Redundancy
Each component should also be reviewed for possible redundant configuration to improve availability and protect against the system becoming unavailable due to a single failure. For detailed information on Application Server redundancy configuration, see the Application Server User Guide.
Authenticators
System users could be actual operators and engineers, or other systems or services that run internally or externally to the supervisory control system.
All known users must be accounted for, and authentication methods and procedures should be defined to reduce the risk of unauthorized access to critical systems or protected information.
Security policy enforcement components
Each device or software package that is deployed to enforce security policy must be defined by its enforcement type and by its impact on the system if it fails. These components include, but are not limited to, firewalls, routers, switches, and operating system services.
Any enforcement component that is defined as critical should be deployed in a redundant configuration if possible.
Firewalls, routers, switches
Firewalls, routers, and switches are an integral part of supervisory and control systems.
Firewalls provide for a way to isolate and control communication between segments of a network and between operational units. A detailed understanding of communication ports, IP addresses, and protocols needed for the supervisory and control system to function properly is critical for the success of the security policy.
By defining solid policies and procedures for firewall configuration, operation, and auditing, you can restrict communication to the specific ports and IP addresses the system requires, so that only authorized communication between systems is permitted and everything not explicitly required is denied.
Similarly, defining solid policies and procedures for router and switch configuration lets you manage where information may flow and from where access is permitted, and gives you control over bandwidth, so that the network is used optimally.
Although firewalls, routers, and switches have overlapping capabilities, each device should be used for its base functionality: firewalls control which types of communication are permitted, routers forward traffic between networks along the proper route as determined by routing protocols, and switches manage bandwidth by forwarding traffic only between the ports involved in a conversation, which avoids packet collisions.
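As an added example (not part of the original page or the product's own tooling), the following Python script audits firewall log records against a documented communication matrix of required flows. The subnets, hosts, flow names, the log line format and the log records themselves are constructed for illustration; only the SQL Server, Modbus/TCP and RDP default ports are standard values. It flags drift in both directions: connections the firewall allowed that no documented flow covers (over-permissive rules), and documented flows the firewall denied (rules that would break the supervisory system).

```python
"""Audit observed firewall decisions against a documented communication matrix.

Added example; not from the original page or any vendor tool. The flow table,
addresses, port 8443 for the HMI path, and the log format are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import re


@dataclass(frozen=True)
class Flow:
    """One permitted communication path: who may talk to whom, on what port."""
    name: str
    src: str      # CIDR of permitted source hosts
    dst: str      # CIDR of permitted destination hosts
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


# Constructed matrix: 10.1.10.0/24 operator/engineering workstations,
# 10.1.20.0/24 application and database servers, 10.1.30.0/24 controllers.
ALLOWED_FLOWS = [
    Flow("HMI to application server", "10.1.10.0/24", "10.1.20.0/24", "tcp", 8443),  # assumed port
    Flow("app server to SQL Server",  "10.1.20.0/24", "10.1.20.5/32", "tcp", 1433),  # SQL Server default
    Flow("app server to PLC Modbus",  "10.1.20.0/24", "10.1.30.0/24", "tcp", 502),   # Modbus/TCP standard
    Flow("eng workstation RDP",       "10.1.10.7/32", "10.1.20.0/24", "tcp", 3389),  # RDP default
]


def is_authorized(src, dst, proto, dport):
    """Return the matching Flow if this 4-tuple is documented, else None."""
    s, d = ip_address(src), ip_address(dst)
    for f in ALLOWED_FLOWS:
        if (f.proto == proto and f.dport == dport
                and s in ip_network(f.src) and d in ip_network(f.dst)):
            return f
    return None


# Constructed log format:
# "<timestamp> action=<allow|deny> proto=<tcp|udp> src=<ip>:<port> dst=<ip>:<port>"
LOG_RE = re.compile(
    r"action=(?P<action>allow|deny) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)

SAMPLE_LOG = """\
2024-08-12T10:00:01 action=allow proto=tcp src=10.1.10.21:51000 dst=10.1.20.10:8443
2024-08-12T10:00:02 action=allow proto=tcp src=10.1.20.10:49152 dst=10.1.20.5:1433
2024-08-12T10:00:03 action=allow proto=tcp src=10.1.10.21:51001 dst=10.1.20.5:1433
2024-08-12T10:00:04 action=deny proto=tcp src=10.1.20.10:49153 dst=10.1.30.12:502
2024-08-12T10:00:05 action=allow proto=tcp src=10.1.10.9:51002 dst=10.1.20.10:3389
2024-08-12T10:00:06 action=deny proto=udp src=10.1.10.21:137 dst=10.1.20.10:137
"""


def audit(log_lines):
    """Compare each firewall log record with the communication matrix.

    Returns a dict of (src, dst, proto, dport) tuples:
      over_permissive : firewall allowed a flow the matrix does not document
      blocked_required: firewall denied a flow the system needs to function
    """
    findings = {"over_permissive": [], "blocked_required": []}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # unrelated or malformed record
        key = (m["src"], m["dst"], m["proto"], int(m["dport"]))
        documented = is_authorized(*key) is not None
        if m["action"] == "allow" and not documented:
            findings["over_permissive"].append(key)
        elif m["action"] == "deny" and documented:
            findings["blocked_required"].append(key)
    return findings


if __name__ == "__main__":
    for kind, flows in audit(SAMPLE_LOG.splitlines()).items():
        for src, dst, proto, dport in flows:
            print(f"{kind}: {proto} {src} -> {dst}:{dport}")
```

In practice you would point `LOG_RE` at your firewall's exported log format and keep the flow table in the same document as your network diagram. A non-empty `blocked_required` list is a change request for the firewall rule, not a reason to loosen it without review; a non-empty `over_permissive` list means either the matrix is incomplete or a rule is wider than it should be.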
Domain controllers
The use of services such as Microsoft Active Directory provides management and enforcement of access security for users, groups, and organizational units.
Not all software supports domain-level security. For example, some automation software will require local PC or even package- or ApplicationObject-level security to be defined and implemented. Check the product documentation carefully before deployment.
Physical networks
The basic building block of a supervisory and control system is the physical network itself. Special attention should be given to the design, selection of media, and installation of the network. A careful review of any installed network segment should be undertaken before extending or adding components.
By making sure redundant paths are provided and the distance limits of the chosen media are observed, slow and unreliable communication can be avoided. All networks should be reviewed for live, unsecured ports and exposed segments that could be tapped. With the complete network layout documented, recovery plans can be defined to improve system availability in the event of an incident that takes down part of the network.
Remote access devices
Policies and procedures should be developed to control the installation and use of modems for remote access. A much better alternative to modem access is Virtual Private Network (VPN) access. If a modem must be used for remote access, a good rule is to require dial-back connections.
Wireless access
Wireless technologies are often used with supervisory and control systems. The following should be considered when defining a wireless implementation:
- Coverage can be limited to exclude unwanted areas (for example, beyond the facility perimeter) through the use of directional antennas.
- Do not rely on the original WEP ("Wired Equivalent Privacy") protocol; its encryption has long been broken and it provides no meaningful protection against an attacker within radio range.
- Use a solution based on 802.1X, Extensible Authentication Protocol (EAP), and current Wi-Fi encryption (WPA2-Enterprise or WPA3-Enterprise).
- Review implementation guides from your wireless device vendor and from your operating system vendor.
Software
The software components of a supervisory and control system can have a large impact on the security of the overall system. When reviewing the security features of the software that will be deployed within a production facility, each component should be evaluated as an integrated part of the complete system.
All software components should leverage the capabilities of the infrastructure and support configurations that meet the policies and procedures defined as necessary to secure the system. By reviewing all software from a security standpoint, policies and procedures can be established to audit the system and maintain a high level of security.
Virus and malicious software protection
With the many host-based protection options available on the market today, ensure that all supervisory and control system software is compatible with the product you choose and that the vendor provides timely updates. Host-based protection software should also protect against other categories of malicious software, such as spyware and adware.
Intrusion detection and prevention
Intrusion detection and prevention have become a viable way of raising the security level within a TCP/IP LAN or WAN infrastructure.
Intrusion detection systems monitor network traffic and generate alerts when malicious traffic or repeated password guessing is detected. These tools have been employed by IT departments for many years.
Intrusion prevention technology has become the preferred method to detect and alert when hacking or virus/worm attacks are present, and also to block such attempts by adjusting firewall policy, disabling switch ports, changing router paths, and quarantining email before damage can be done.
The implementation of an intrusion detection or prevention system on a supervisory and control network does include risk. The following list gives some considerations when evaluating their use in a particular environment:
- The system should provide centralized reporting and management.
- The system should provide multiple ways to deliver alerts.
- Evaluate the supported level of signature-based identification of malicious or anomalous traffic.
- Connection flood (denial of service) controls should be included.
- The system should support an alert-only mode for tuning, so that false positives can be identified before any blocking is enabled.
- The system should support the software and applications that you have installed or are going to deploy.
- The system should allow you to create your own policies.
- Evaluate supported bandwidth and connection counts.
Because intrusion detection and prevention systems can present a risk to functionality and operation of a supervisory and control system, a well-developed design with strong policies and procedures should accompany any implementation plan.
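As an added example (not from the original page or any IDS/IPS product), the following Python script implements the repeated-password-guessing detection described above with the alert-only tuning mode from the evaluation list. It counts failed logins per source address in a sliding window; in "prevent" mode it additionally requests a block of the offending source, except for sources on a protected-host list, which covers the operational risk the section warns about (an automated block against a controller or historian that is merely misconfigured would itself take down part of the process). The log format, hosts, threshold and protected-host list are constructed for illustration.

```python
"""Sliding-window detection of repeated password guessing, with an
alert-only mode for tuning before blocking is switched on.

Added example; not from the original page or any specific IDS/IPS product.
Log format, addresses, thresholds and the protected-host list are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed log format: "<ISO timestamp> auth <success|failure> user=<name> src=<ip>"
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>[\d.]+)$"
)

SAMPLE_LOG = """\
2024-08-12T10:00:00 auth failure user=operator src=10.1.50.200
2024-08-12T10:00:05 auth failure user=operator src=10.1.50.200
2024-08-12T10:00:09 auth failure user=admin src=10.1.50.200
2024-08-12T10:00:12 auth success user=historian_svc src=10.1.20.10
2024-08-12T10:00:14 auth failure user=admin src=10.1.50.200
2024-08-12T10:00:20 auth failure user=operator src=10.1.50.200
2024-08-12T10:00:25 auth failure user=operator src=10.1.50.200
2024-08-12T10:01:00 auth failure user=plc_svc src=10.1.30.12
2024-08-12T10:01:01 auth failure user=plc_svc src=10.1.30.12
2024-08-12T10:01:02 auth failure user=plc_svc src=10.1.30.12
2024-08-12T10:01:03 auth failure user=plc_svc src=10.1.30.12
2024-08-12T10:01:04 auth failure user=plc_svc src=10.1.30.12
2024-08-12T10:03:00 auth failure user=operator src=10.1.10.21
2024-08-12T10:05:30 auth failure user=operator src=10.1.10.21
"""


class BruteForceDetector:
    """Count failed logins per source within a time window.

    mode="alert"   : only record alerts; run this first to tune threshold/window
    mode="prevent" : also request a block of the source, unless it is protected
                     (e.g. a controller whose loss of connectivity stops the process)
    """

    def __init__(self, threshold=5, window_seconds=60, mode="alert", protected_hosts=()):
        if mode not in ("alert", "prevent"):
            raise ValueError("mode must be 'alert' or 'prevent'")
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self.mode = mode
        self.protected = set(protected_hosts)
        self._failures = defaultdict(deque)  # src -> timestamps of recent failures
        self.alerts = []                     # one record per failure at/over threshold
        self.blocks = []                     # sources the enforcement point was asked to block

    def process(self, line):
        """Feed one log line; return None, "alert" or "block"."""
        m = AUTH_RE.match(line)
        if not m or m["result"] != "failure":
            return None  # unparsable lines and successes are not counted
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        recent = self._failures[src]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()  # discard failures older than the window
        if len(recent) < self.threshold:
            return None
        self.alerts.append(
            {"time": m["ts"], "src": src, "user": m["user"], "failures": len(recent)}
        )
        if self.mode == "prevent" and src not in self.protected:
            if src not in self.blocks:
                self.blocks.append(src)
            return "block"
        return "alert"  # threshold reached, but alert-only mode or protected source


def run(lines, mode="alert", protected_hosts=()):
    """Replay log lines through a detector and return it for inspection."""
    det = BruteForceDetector(mode=mode, protected_hosts=protected_hosts)
    for line in lines:
        det.process(line)
    return det


if __name__ == "__main__":
    det = run(SAMPLE_LOG.splitlines(), mode="prevent", protected_hosts=["10.1.30.12"])
    for a in det.alerts:
        print("alert:", a)
    print("blocked sources:", det.blocks)
```

Tune in alert-only mode against a representative period of real logs until the alert list contains only events you would act on, and only then switch to "prevent"; the protected-host list should be derived from the same criticality review used for the other infrastructure components, not written ad hoc when a block causes an outage.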
Operating systems
Review the base operating system that hosts all of your supervisory and control applications for proper deployment, configuration, and security patches. Start by reviewing which components are installed and which users and services are configured, and remove anything that is not required.
Microsoft provides detailed guidance for locking down your operating system to mitigate security threats. By defining what supervisory and control software is to be deployed to a system, you can define the level of lock-down, and at the same time ensure full functionality of manufacturing applications.
Databases
Database applications such as Microsoft SQL Server have become a common component of manufacturing systems. Because database information must be readable by some users and services, and updated and appended by others, you must be very deliberate in the approach to locking down a database.
Provide a detailed mapping of the users (people and services) that require access and the level of access each one needs, and define database security policies that can actually be applied and audited.