Cybersecurity within your municipality has never been more important than it is right now. In fact, the Department of Homeland Security, along with industry organizations like the American Waterworks Association (AWWA), identify the protection of utility SCADA systems as a top security priority.
Mitigating your utility’s cybersecurity risk can seem daunting, but there are some very practical steps you can take in order to reduce your SCADA system’s vulnerability. The following measures incorporate basic strategies that can be implemented at a relatively low cost and still provide a fundamental level of security within your utility.
1. Evaluate your system’s vulnerability. Cybersecurity awareness starts from within your utility. Those who are responsible for the integrity of your SCADA system should constantly seek to identify and mitigate internal and external security risks. Take measures to prevent unauthorized physical access to your system assets. Keep SCADA computers in secured areas, and only allow access to authorized personnel.
2. Keep system hardware and software up to date. Recent models/versions are often more secure than outdated models. The cost of a system upgrade will ultimately be far less than the cost of a major cybersecurity breach.
3. Adopt a strong user password policy. Require periodic password changes, a standard minimum password length, and varied password complexity. This will help prevent user passwords from being easily guessed or mined by social engineering methods. Also, require password updates whenever there is a staff change.
4. If remote system access is required, use a Virtual Private Network (VPN) along with Remote Access software. This will prevent the SCADA network from direct exposure to the Internet. If remote support vendors need to log-in, grant access on a temporary basis and use credentials that are valid for one session only. Alternatively, you can grant access upon invitation only.
5. Use encryption features on wireless networks. For an external hacker to execute a security breach, they first need access to your network. A more secure network = a more secure utility.
6. Develop an action plan that can be easily implemented in the event of a security breach. When the security of your utility is at risk, it’s important to prepare for the worst and hope for the best. A quality action plan will also provide additional value in the event of a critical system components failure.
7. Develop a security-oriented mindset. Perform regular evaluations of specific system characteristics and develop a plan to incrementally increase security. Taking small steps to improve your system’s cybersecurity now will save you huge amounts of effort later.
We understand that you’re faced with the difficult task of balancing your SCADA system’s security with the need for system usability. We recommend that you evaluate the level of risk in your environment and navigate the appropriate level of security accordingly. It’s also important to note that effective implementation of many SCADA security measures requires the expertise of trained and experienced professionals, so the use of trusted support vendors is essential.
If you have questions regarding the security of your current SCADA system, please contact an expert at Ruekert & Mielke today.
About the Authors
David C. Beyer
SCADA Systems Analyst
Dave has been with Ruekert & Mielke, Inc. since 1994. As a Systems Analyst, he provides SCADA system support for more than 20 communities in Wisconsin for Water, Wastewater and Electric Utilities. Dave is experienced in system design, communications, SCADA software, PLC programming and configuration, operator training, and instrumentation.