86 • SMP Gateway User Manual
Monitoring and locking of remote connections — Modem and passthrough access is
continuously monitored, and can be enabled or disabled by the control center. All accesses are
logged and limited to authorized users.
Integrity checking — All SMP Gateway software and firmware components are digitally
signed in order to ensure their authenticity and integrity. All executable files are also
continuously monitored to prevent execution of unauthorized code.
13.2 Substation Network Security Considerations
13.2.1 Setting Up a Secure Substation LAN
Security, as implemented on the SMP Gateway, is not a substitute for full network security that
includes properly configured firewalls. It can be argued that if unauthorized users get as far as
trying out the SMP Gateway’s security features, there has already been a security breach at some
other level. The goal of the SMP Gateway’s built-in firewall, simply stated, is to minimize the risk
of unauthorized access (or network traffic) to internal components on the PCN or SCADA
systems.
The substation LAN is a critical part of a utility’s network. To ensure its integrity, it must be
isolated as much as possible from the outside world. Ensuring the security of the substation LAN
is a complex subject beyond the scope of this document. However, we will provide in this section
some general guidelines on setting up a secure substation LAN.
A corporate LAN provides a number of access points to the outside world and is exposed to a
variety of threats through its connection to the Internet, external mail servers and file transfers,
which may contain viruses. If there is a direct connection between the corporate LAN and
substation LANs, the substation is not secure.
A significant improvement is the use of firewalls with the ability to establish a number of
demilitarized zones (DMZs) between the enterprise and process control networks. Each DMZ holds
a separate "critical" component, such as the data historian, the wireless access point, or remote and
third-party access systems. In effect, the use of a DMZ-capable firewall allows the creation of an
intermediate network often referred to as a process information network (PIN).
Creating a DMZ requires that the firewall offer three or more interfaces, rather than the typical
public and private pair. One interface is connected to the enterprise network and a second to
the PCN/SCADA network; the remaining interfaces are connected to the shared or insecure
devices, such as the data historian server or wireless access points.
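The three-interface layout described above, written out as an nftables policy. This is an added example and not part of the SMP Gateway manual or product; the interface names, subnets, historian address and port numbers are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: three-interface DMZ firewall (enterprise / PCN / DMZ).
# All interface names, addresses and ports below are assumed values.
define ENT_IF      = "eth0"        # enterprise (corporate) LAN
define PCN_IF      = "eth1"        # process control / SCADA network
define DMZ_IF      = "eth2"        # DMZ holding shared devices (historian, wireless AP)
define HISTORIAN   = 10.0.2.10     # constructed DMZ address of the data historian
define ENT_CLIENTS = 10.0.1.0/24   # constructed enterprise subnet permitted to read the historian
define PCN_SOURCES = 10.0.3.0/24   # constructed PCN subnet that pushes data to the historian

flush ruleset

table inet dmz_fw {
    chain forward {
        # Default deny: any flow between zones must be explicitly permitted.
        type filter hook forward priority 0; policy drop;

        # Replies belonging to permitted connections; malformed packets dropped.
        ct state established,related accept
        ct state invalid drop

        # Enterprise users may only read the historian in the DMZ (HTTPS assumed).
        iifname $ENT_IF oifname $DMZ_IF ip saddr $ENT_CLIENTS ip daddr $HISTORIAN tcp dport 443 ct state new accept

        # PCN devices push data into the historian on an assumed collector port.
        iifname $PCN_IF oifname $DMZ_IF ip saddr $PCN_SOURCES ip daddr $HISTORIAN tcp dport 5000 ct state new accept

        # No direct path between enterprise and PCN in either direction, and no
        # DMZ device (historian, wireless AP, third-party access) may open a
        # connection into the PCN. The default policy already drops these; the
        # explicit rules exist so that attempts are logged for the operators.
        iifname $ENT_IF oifname $PCN_IF log prefix "dmz_fw ent->pcn denied: " drop
        iifname $DMZ_IF oifname $PCN_IF log prefix "dmz_fw dmz->pcn denied: " drop
        iifname $PCN_IF oifname $ENT_IF log prefix "dmz_fw pcn->ent denied: " drop

        # Anything else that reaches this point is logged and dropped.
        log prefix "dmz_fw forward denied: " drop
    }
}
```

Only the PCN side initiates connections toward the DMZ, so a compromised historian or access point cannot open a session into the control network even though it can answer the PCN's requests.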
To isolate the substation LAN, you should take the following precautions:
There should be no email access.
There should be no Internet access.
There should be no direct connection to the corporate LAN.
Furthermore, a redundant path should be provided between the SCADA and the substation, to
ensure continued operation in the event of a failure of the corporate WAN. A dedicated
communications line is often maintained for this purpose.