Restrict Malicious Access to Your Programmable Automation Systems with This Handy Guide

 Power grids are critical parts of a country’s infrastructure, and today's almost-daily cyberattacks show how critical it is for governments, vendors, and service providers to protect these systems.

With these attacks, hackers can successfully compromise information systems of energy distribution companies to disrupt electricity supply to end consumers, resulting in billions of dollars of losses. The capabilities, frequency, and severity of global attacks on critical infrastructure is likely to increase as plant systems and networks evolve and become increasingly connected.

Traditional approaches to securing an industrial control network, either by putting physical locks on control cabinets and doors to operations control rooms, or by building a control network with a hardened perimeter by physically separating control systems and outside communications infrastructure, are important, but no longer sufficient.

In today’s industrial environment, it’s essential that suppliers take an aggressive approach to developing secure and reliable products to help thwart attackers. Emerson’s portfolio of programmable automation controls and industrial automation and control solutions uses secure by design approaches and recommends defense in depth strategies during product and system implementation. The approach begins by helping users build a defendable environment.

To help customers restrict malicious access to their systems and educate them on how to create a segmented control network, Emerson distributes security guides with its PLC and PAC products. These guides outline common elements of a secure deployment, including firewalls and segmentation to block unsolicited incoming traffic, and isolating networks to restrict data transfer to only needed devices. Industrial routers can be implemented to manage data transactions between those isolated networks.

With this information, users can secure their PAC and PLC control networks in a much better way.

Each guide provides sample checklists to help guide customers through the process:

  • Create or locate a network diagram.
  • Identify and record the required communication paths between nodes.
  • Identify and record the protocols required along each path, including the role of each node.
  • Revise the network as needed to ensure appropriate partitioning, adding firewalls or other network security devices as appropriate. Update the network diagram.
  • Configure firewalls and other network security devices.
  • Enable and/or configure the appropriate security features on each Emerson control product.
  • For each product, change every supported password to something other than its default value.
  • Harden the configuration of each product, disabling unneeded features, protocols and ports.
  • Configure the specific clients authorized to communicate with the industrial controllers.
  • Test/audit/qualify the system.
  • Create and update/maintain plan.

How many of these steps have you taken?

Click here to learn more about PAC/PLC systems!