The firewall is obviously the first mechanism for protecting the substation LAN. Indeed there are sophisticated systems that do more than just basic firewalls. However, we all know about Stuxnet and how easy it is to get something in behind the firewall - send an email, deliver a USB stick, send a technician to site with an infected PC. Dare I raise the possibility of wireless connections with smart phone and other portable device 'apps'. So first thing then is to minimise how open and possible any of that is. Perhaps we only allow corporate PCs to be connected to the substation LAN since those PCs are running the latest anti-virus
– oh, but wait, ..... the technician hasn’t been to the office for 4 weeks (and hence virus definitions out of date) and stopped off at an internet café for his morning coffee and check his bank balance….
Or what if a supplier is required on site to do some work on their equipment with their software tools on their PCs …… So applying engineering problem analysis: - Can anybody plug anything into the network at any port on the network in the first place?
- Are there open ports on the switches?
- Are the switch ports locked away so that nobody can inadvertently disconnect an IED or backbone cable to connect their PC?
- When PCs or test equipment is connected to the LAN, is there some sort of control mechanism that authorises communication to be established in the first place?
- Is there a RBAC mechanism to make sure the person can only do things within their level of authority?
These are issues addressed by my patent: https://ideology.atlassian.net/wiki/x/GoBq |