Basic cyber security

Owned by Rodney Hughes
Last updated: 20 Sept 2019Version comment
2 min read
© Copyright Rod Hughes Consulting Pty Ltd
Rod Hughes Consulting
General Web Site 		Applications
Home		Innovations and
Solutions Home
A bit about
Rod Hughes
 Link to this page...

The URL in the browser address bar is volatile and may be broken at any time.

To obtain a link to this page, click the <<Share>> button top-right of the screen.

  

Note - if the navigation pane on the left of this window is not visible, click the 2-pane icon on the top bar


The firewall is obviously the first mechanism for protecting the substation LAN.  Indeed there are sophisticated systems that do more than just basic firewalls.

However, we all know about Stuxnet and how easy it is to get something in behind the firewall - send an email, deliver a USB stick, send a technician to site with an infected PC.  Dare I raise the possibility of wireless connections with smart phone and other portable device 'apps'.

So first thing then is to minimise how open and possible any of that is.

Perhaps we only allow corporate PCs to be connected to the substation LAN since those PCs are running the latest anti-virus
– oh, but wait, ..... the technician hasn’t been to the office for 4 weeks (and hence virus definitions out of date) and stopped off at an internet café for his morning coffee and check his bank balance….
Or what if a supplier is required on site to do some work on their equipment with their software tools on their PCs ……

 

So applying engineering problem analysis:

  1. Can anybody plug anything into the network at any port on the network in the first place?
     
  2. Are there open ports on the switches?
     
  3. Are the switch ports locked away so that nobody can inadvertently disconnect an IED or backbone cable to connect their PC?
     
  4. When PCs or test equipment is connected to the LAN, is there some sort of control mechanism that authorises communication to be established in the first place?
     
  5. Is there a RBAC mechanism to make sure the person can only do things within their level of authority?

These are issues addressed by my patent: https://ideology.atlassian.net/wiki/x/GoBq

 

 
Contact Me

Email Me

A phone call is nearly always welcome depending on the time of night wherever I am in the world.
Based in Adelaide UTC +9:30 hours e.g.

April-SeptemberNoon UK = 2030 Adelaide
October-March:Noon UK = 2230 Adelaide

  Office + 61 8 7127 6357
  Mobile + 61 419 845 253


Extra Notes:

Disclaimer
No Liability:
Rod Hughes Consulting Pty Ltd accepts no direct nor consequential liability in any manner whatsoever to any party whosoever who may rely on or reference the information contained in these pages.  Information contained in these pages is provided as general reference only without any specific relevance to any particular intended or actual reference to or use of this information. Any person or organisation making reference to or use of this information is at their sole responsibility under their own skill and judgement.

No Waiver, No Licence:
This page is protected by Copyright ©
Beyond referring to the web link of the material and whilst the information herein is accessible "via the web", Rod Hughes Consulting Pty Ltd grants no waiver of Copyright nor grants any licence to any extent  to any party in relation to this information for use, copy, storing or redistribution of this material in any form in whole or in part without written consent of Rod Hughes Consulting Pty Ltd.