How to Protect Against SCADA Attacks

Although you cannot know about and detect every vulnerability before deployment, you can proactively reduce the likelihood of a SCADA security breach by considering the following defense-in-depth measures:
• Develop a security policy.

• Implement ACLs (access control lists).

• Use MAC address filtering.

• Use VLAN segmentation.

• Physically secure SCADA devices, including alarm and tamper management.

• Disallow the use of third-party USB and related memory sticks.

• Adhere to publications, guides, and standards, such as NERC Critical Infrastructure Protection (CIP) standards; NIST Special Publications 800 Series; IASE guidance; Security Technical Implementation Guides (STIGs); Advanced Metering Infrastructure Security (AMI-SEC) documents; and NISTIR 7628, Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Security Strategy, Architecture, and High-Level Requirements.

• Implement an IDS/IPS that supports SCADA protocol protection mechanisms.

• If a dial-up modem is used, implement enhanced security that supports activity logging, encryption, and name and password authentication.

• Utilize protective protocols such as SSH, DNPsec, TLS, DTLS, SSL, PKI, and IPsec, if possible.

• Implement strong encryption capabilities.

• Implement a Security Information and Event Management (SIEM) system for log aggregation, log review, and audit analysis.

• Implement a scalable edge network strategy for all applicable firewalls, switches, routers, and IPS and IDS devices.

• Confirm and ensure policies are in place for two- and three-factor authentication.

• Ensure scheduled internal security assessments are routinely performed.
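
The IDS/IPS item above calls for awareness of SCADA protocols. As an added illustration (not part of the original page), the sketch below parses Modbus/TCP headers and alerts on function codes outside a per-client allowlist. The choice of Modbus/TCP, the IP addresses, the host roles and the policy are assumptions made for the example.

```python
import struct

# Assumed policy: HMI hosts may only read; only the engineering workstation
# may write. Addresses and roles are constructed for this example.
READ_FCS = {1, 2, 3, 4}        # read coils / discrete inputs / holding / input registers
WRITE_FCS = {5, 6, 15, 16}     # write single/multiple coils and registers
POLICY = {
    "10.10.1.20": READ_FCS,              # HMI (constructed)
    "10.10.1.30": READ_FCS | WRITE_FCS,  # engineering workstation (constructed)
}

def parse_modbus_tcp(frame: bytes):
    """Return (transaction_id, unit_id, function_code) or raise ValueError."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    # The MBAP length field counts the unit id byte plus the PDU.
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    return tid, unit, frame[7]

def inspect(src_ip: str, frame: bytes):
    """Return ('allow' | 'alert', reason) for one client-to-device frame."""
    try:
        _tid, unit, fc = parse_modbus_tcp(frame)
    except ValueError as exc:
        return ("alert", f"malformed frame from {src_ip}: {exc}")
    allowed = POLICY.get(src_ip)
    if allowed is None:
        return ("alert", f"{src_ip} is not an authorised Modbus client")
    if fc not in allowed:
        return ("alert", f"{src_ip} used function code {fc} on unit {unit}")
    return ("allow", f"{src_ip} fc={fc} unit={unit}")

def build(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a Modbus/TCP frame for the constructed samples."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

SAMPLES = [  # constructed traffic, not captured from a real network
    ("10.10.1.20", build(1, 1, bytes([3, 0, 0, 0, 10]))),   # HMI reads registers
    ("10.10.1.20", build(2, 1, bytes([6, 0, 1, 0, 255]))),  # HMI attempts a write
    ("10.10.1.99", build(3, 1, bytes([3, 0, 0, 0, 1]))),    # host not in policy
    ("10.10.1.30", build(4, 1, bytes([16, 0, 0]))[:-1]),    # truncated frame
]

def run():
    return [inspect(ip, frame)[0] for ip, frame in SAMPLES]

if __name__ == "__main__":
    for ip, frame in SAMPLES:
        print(inspect(ip, frame))
```

The alert tuples are the kind of event that would be forwarded to the SIEM named in the list for aggregation and review.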

