Security of SCADA (supervisory control and data acquisition) and other industrial control systems (ICSs) is a complex subject, and one that has received much attention in recent years. While modern industrial control systems use many of the same computers, operating systems and networking component as conventional business networks, the two kinds of networks are managed very differently.
Control system networks are notoriously vulnerable to certain kinds of attacks, and whether common security wisdom works on these networks or not, these vulnerabilities must still be addressed.
Safety is the highest priority at every industrial site, and also for every control system network. For every change to any control system component we always ask “how likely is it that this change will hurt anyone?” or “will it create a public safety risk?” or “will it cause an environmental catastrophe?” Safety is always our first priority, and reliability is our second.
Business networks are under constant attack. How do professionals deal with this constant, pervasive threat? In part, they deal with it through constant, aggressive change. “Stay ahead of the bad guys.” Update anti-virus signatures several times per day. Apply the latest vendor security updates within two days of the vendor’s release.
This is the exact opposite of how control system networks are managed. Control system networks are generally configured to be unable to exchange information directly with the Internet, and so are not under constant attack. The biggest risk to industrial networks is the connection to the business network.
Waterfall Security Solutions’ Unidirectional Security Gateways offer a solution which increases confidence in protection of safety, integrity and availability of the operations network. The gateways are a hardware-based solution which permits information to flow out of the operations network, without allowing any attacks, messages or information back in.