SBN Credential Management and Enforcement for ICS/SCADA environments


In the world of Operational Technology (OT), Industrial Control Systems (ICS) comprise the majority of the segment. Where ICS assets are dispersed and require centralized data acquisition and control, Supervisory Control and Data Acquisition (SCADA) systems are used.

The SCADA systems allow users to monitor and control the ICS through simple interfaces. SCADA system users can view the current status of the system, make adjustments to the industrial process, review alarms or alerts and much more. 

The main components of SCADA systems are display units, the control unit, remote terminal units and communication links. 

Why are security and credential management important for SCADA systems?

SCADA systems were initially used for water distribution or electric utilities. Now SCADA systems are found in a range of industries, implemented by organizations and businesses needing large automated data collection and centralized control of related equipment.

Though SCADA has significant benefits, there is a constant threat of security breaches. 

  • Third-party firms and service vendors are often given remote access to the ICS/SCADA, taking security control away from the client company. Vendor equipment is not regulated by the client company and may not be secure. Breaches caused by vendor security failure could disrupt business services, halt industrial processes, collect vital information or compromise critical infrastructure
  • ICS/SCADA systems generally have access codes and passwords hardcoded into the system during time of manufacture. Most businesses and organizations don’t bother changing the access codes from the default set. An intruder with a list of default access codes could easily gain unfettered access to sensitive information and data
  • These systems are also connected to traditional IT systems, high-valued assets and host Industrial Internet of Things (IIoT) devices. SCADA systems linked to IT systems and business assets pose a major security risk. A breach of  ICS/SCADA systems (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Yash Tiwari. Read the original post at: