7. Establish strong controls over any medium that is used as a backdoor into the SCADA network. Where backdoors or vendor connections do exist in SCADA systems, strong authentication must be implemented to ensure secure communications. Modems, wireless, and wired networks used for communications and maintenance represent a significant vulnerability to the SCADA network and remote sites. Successful "war dialing" or "war driving" attacks could allow an attacker to bypass all of the other controls and have direct access to the SCADA network or resources. To minimize the risk of such attacks, disable inbound access and replace it with some type of callback system.
8. Implement internal and external intrusion detection systems and establish 24-hour-a-day incident monitoring. To be able to effectively respond to cyber attacks, establish an intrusion detection strategy that includes alerting network administrators of malicious network activity originating from internal or external sources. Intrusion detection system monitoring is essential 24 hours a day; this capability can be easily set up through a pager. Additionally, incident response procedures must be in place to allow an effective response to any attack. To complement network monitoring, enable logging on all systems and audit system logs daily to detect suspicious activity as soon as possible.
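The log-audit part of step 8 is easiest to see on concrete input. The following is an added example, not part of the original text or of any DOE tooling: it parses a handful of constructed syslog-style records (firewall connection events and host authentication events), classifies each source address as SCADA, internal corporate, or external against assumed network ranges, and raises a pager-style alert for connections entering the SCADA network from outside it and for repeated failed logins. The address ranges, hostnames, field names, and the failure threshold are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample records (not from any real system). One syslog-like
# shape for both event types so a single parser handles them.
SAMPLE_LOGS = """\
2024-03-01T02:14:05 fw01 CONNECT src=10.20.5.17 dst=10.20.1.10 dport=502 action=allow
2024-03-01T02:14:09 hmi01 AUTH user=operator src=10.20.5.17 result=success
2024-03-01T02:15:31 fw01 CONNECT src=203.0.113.45 dst=10.20.1.10 dport=502 action=allow
2024-03-01T02:15:40 hist01 AUTH user=admin src=203.0.113.45 result=failure
2024-03-01T02:15:43 hist01 AUTH user=admin src=203.0.113.45 result=failure
2024-03-01T02:15:47 hist01 AUTH user=admin src=203.0.113.45 result=failure
2024-03-01T02:15:51 hist01 AUTH user=admin src=203.0.113.45 result=failure
2024-03-01T02:16:02 fw01 CONNECT src=10.20.5.18 dst=10.20.1.11 dport=22 action=allow
2024-03-01T02:16:30 fw01 CONNECT src=192.168.77.3 dst=10.20.1.12 dport=20000 action=allow
"""

# Assumed address plan: the control network and the corporate ranges.
SCADA_NET = ip_network("10.20.0.0/16")
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
FAIL_THRESHOLD = 3  # failed logins from one source to one host before alerting

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>CONNECT|AUTH) (?P<rest>.*)$")


def parse_line(line):
    """Return a dict of the record's fields, or None for lines we don't understand."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split())
    return {"ts": m["ts"], "host": m["host"], "event": m["event"], **fields}


def classify_source(ip_str):
    """Label a source address as 'scada', 'internal' (corporate) or 'external'."""
    ip = ip_address(ip_str)
    if ip in SCADA_NET:
        return "scada"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "external"


@dataclass(frozen=True)
class Alert:
    severity: str
    origin: str
    src: str
    reason: str


def analyze(log_text):
    """Walk the log once and return the alerts an operator should be paged about."""
    alerts = []
    failures = defaultdict(int)  # (src, host) -> failed-login count
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        origin = classify_source(rec["src"])
        if rec["event"] == "CONNECT" and ip_address(rec["dst"]) in SCADA_NET and origin != "scada":
            # Any session into the control network that did not start there is
            # worth a look; from the Internet it is urgent.
            severity = "high" if origin == "external" else "medium"
            alerts.append(Alert(severity, origin, rec["src"],
                                f"connection into SCADA network port {rec['dport']} on {rec['dst']}"))
        elif rec["event"] == "AUTH" and rec["result"] == "failure":
            key = (rec["src"], rec["host"])
            failures[key] += 1
            if failures[key] == FAIL_THRESHOLD:  # alert once, when the threshold is crossed
                alerts.append(Alert("high", origin, rec["src"],
                                    f"{FAIL_THRESHOLD} failed logins on {rec['host']}"))
    return alerts


def format_page(alert):
    """Short one-line text suitable for a pager or SMS gateway."""
    return f"[{alert.severity.upper()}] {alert.origin} {alert.src}: {alert.reason}"


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOGS):
        print(format_page(a))
```

The threshold check fires exactly once per source/host pair, so a long brute-force run does not flood the pager; in a real deployment the counter would need a time window and the address ranges would come from the site's network plan rather than constants.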
9. Perform technical audits of SCADA devices and networks, and any other connected networks, to identify security concerns. Technical audits of SCADA devices and networks are critical to ongoing security effectiveness. Many commercial and open-source security tools are available that allow system administrators to conduct audits of their systems and networks to identify active services, patch level, and common vulnerabilities. The use of these tools will not solve systemic problems but will eliminate the paths of least resistance that an attacker could exploit. Analyze identified vulnerabilities to determine their significance, and take corrective actions as appropriate. Track corrective actions and analyze this information to identify trends. Additionally, retest systems after corrective actions have been taken to ensure that vulnerabilities were actually eliminated. Scan nonproduction environments actively to identify and address potential problems.
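Step 9 is a cycle: audit, fix, track, retest. The example below is added here and is not from the original text or any particular audit tool; it takes a constructed inventory of the kind an audit tool would produce (host, listening port, service, patch level), compares it with an approved baseline of what each SCADA host may expose, and then re-runs the comparison on a second inventory to show which findings were actually closed and which remain. Hostnames, ports, patch levels, and the baseline are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

# Approved baseline (constructed): allowed listening ports and minimum patch
# level per control-system host.
BASELINE = {
    "plc01": {"services": {502}, "min_patch": 7},
    "hmi01": {"services": {443}, "min_patch": 12},
    "hist01": {"services": {443, 1433}, "min_patch": 12},
}

# Constructed inventories, as an audit tool might report them, one line per
# listening service. AUDIT_2 is the retest after corrective actions.
AUDIT_1 = """\
plc01 port=502 service=modbus patch=7
plc01 port=23 service=telnet patch=7
hmi01 port=443 service=https patch=10
hmi01 port=3389 service=rdp patch=10
hist01 port=443 service=https patch=12
hist01 port=1433 service=mssql patch=12
"""

AUDIT_2 = """\
plc01 port=502 service=modbus patch=7
hmi01 port=443 service=https patch=12
hmi01 port=3389 service=rdp patch=12
hist01 port=443 service=https patch=12
hist01 port=1433 service=mssql patch=12
"""


@dataclass(frozen=True)
class Finding:
    host: str
    category: str  # "unexpected_service", "outdated_patch" or "unbaselined_host"
    key: str       # stable identifier used to match the same finding across audits
    detail: str

    def ident(self):
        return (self.host, self.category, self.key)


def parse_inventory(text):
    """Turn tool output into {host: {"ports": {port: service}, "patch": level}}."""
    inventory = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        host, kv = tokens[0], dict(t.split("=", 1) for t in tokens[1:])
        entry = inventory.setdefault(host, {"ports": {}, "patch": None})
        entry["ports"][int(kv["port"])] = kv["service"]
        entry["patch"] = int(kv["patch"])
    return inventory


def audit(inventory, baseline):
    """Compare an observed inventory against the baseline and return findings."""
    findings = []
    for host in sorted(inventory):
        observed = inventory[host]
        if host not in baseline:
            findings.append(Finding(host, "unbaselined_host", "host",
                                    "host is connected but has no approved baseline"))
            continue
        allowed = baseline[host]
        for port, service in sorted(observed["ports"].items()):
            if port not in allowed["services"]:
                findings.append(Finding(host, "unexpected_service", str(port),
                                        f"port {port} ({service}) not in approved baseline"))
        if observed["patch"] < allowed["min_patch"]:
            findings.append(Finding(host, "outdated_patch", "patch",
                                    f"patch level {observed['patch']} below required {allowed['min_patch']}"))
    return findings


def retest(previous, current):
    """Split the previous audit's findings into those now closed and those still open."""
    still_present = {f.ident() for f in current}
    closed = [f for f in previous if f.ident() not in still_present]
    still_open = [f for f in previous if f.ident() in still_present]
    return closed, still_open


def trend(*finding_lists):
    """Count findings per category for each audit, in order, to show the trend."""
    return [Counter(f.category for f in findings) for findings in finding_lists]


if __name__ == "__main__":
    first = audit(parse_inventory(AUDIT_1), BASELINE)
    second = audit(parse_inventory(AUDIT_2), BASELINE)
    closed, still_open = retest(first, second)
    print("closed:", [f.detail for f in closed])
    print("still open:", [f"{f.host}: {f.detail}" for f in still_open])
    print("trend:", trend(first, second))
```

Matching findings on (host, category, key) rather than on the free-text detail is what makes the retest meaningful: a patch level that moved from 10 to 11 is still the same open finding, while a port that no longer listens is closed.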
10. Conduct physical security surveys and assess all remote sites connected to
the SCADA network to evaluate their security. Any location that has a
connection to the SCADA network is a target, especially unmanned
or unguarded remote sites. Conduct a physical security survey and
inventory access points at each facility that has a connection to the
SCADA system. Identify and assess any source of information,