The firewall is obviously the first mechanism for protecting the substation LAN. Indeed, there are sophisticated systems that do more than just basic firewalling.
However, we all know about Stuxnet and how easy it is to get something in behind the firewall: send an email, deliver a USB stick, send a technician to site with an infected PC. Dare I raise the possibility of wireless connections with smartphone and other portable device 'apps'?
So the first thing, then, is to minimise how open and possible any of that is.
Perhaps we only allow corporate PCs to be connected to the substation LAN, since those PCs are running the latest anti-virus. Oh, but wait: the technician hasn’t been to the office for 4 weeks (and hence the virus definitions are out of date) and stopped off at an internet café for his morning coffee and to check his bank balance. Or what if a supplier is required on site to do some work on their equipment with their software tools on their PCs?
So applying engineering problem analysis:
Can anybody plug anything into the network at any port on the network in the first place?
Are there open ports on the switches?
Are the switch ports locked away so that nobody can inadvertently disconnect an IED or backbone cable to connect their PC?
When PCs or test equipment are connected to the LAN, is there some sort of control mechanism that authorises communication to be established in the first place?
Is there an RBAC (role-based access control) mechanism to make sure the person can only do things within their level of authority?
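The port-related questions above can be checked mechanically against a switch inventory. The following is an added example, not part of the original page: the inventory fields, finding codes and sample data are all assumptions constructed for illustration, with 802.1X named only as one possible port authorisation mechanism.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Port:
    name: str
    admin_up: bool               # port administratively enabled
    link_up: bool                # a cable/device is connected
    auth_required: bool          # port-level authorisation (e.g. 802.1X) enforced
    seen_mac: Optional[str]      # MAC currently observed on the port
    expected_mac: Optional[str]  # MAC documented for this port, None for a spare

def norm(mac):
    """Normalise MAC notation so 00-1A-.. and 00:1a:.. compare equal."""
    return mac.lower().replace("-", ":") if mac else None

def audit(ports):
    """Return (port, finding) pairs for the port-related checklist questions."""
    findings = []
    for p in ports:
        if not p.admin_up:
            continue  # administratively disabled: no traffic passes, nothing to flag
        if not p.link_up:
            # Nothing connected: either a spare left open or an IED unplugged.
            code = "SPARE_PORT_ENABLED" if p.expected_mac is None else "DEVICE_DISCONNECTED"
            findings.append((p.name, code))
        if not p.auth_required:
            findings.append((p.name, "NO_PORT_AUTH"))
        if p.link_up and p.expected_mac is None:
            findings.append((p.name, "UNDOCUMENTED_DEVICE"))
        elif p.link_up and norm(p.seen_mac) != norm(p.expected_mac):
            findings.append((p.name, "UNEXPECTED_DEVICE"))
    return findings

# Constructed sample inventory (not real device data).
SAMPLE_PORTS = [
    Port("Gi0/1", True, True, True, "00:1A:2B:00:00:01", "00:1a:2b:00:00:01"),
    Port("Gi0/2", True, False, True, None, None),
    Port("Gi0/3", True, True, False, "00-1A-2B-00-00-99", "00:1a:2b:00:00:03"),
    Port("Gi0/4", False, False, True, None, None),
    Port("Gi0/5", True, True, True, "00:1a:2b:00:00:77", None),
    Port("Gi0/6", True, False, True, None, "00:1a:2b:00:00:06"),
]

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_PORTS):
        print(f"{port}: {finding}")
```

Comparing MAC addresses is inventory hygiene only, since a MAC can be copied; it does not replace a mechanism that authorises the connection itself.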
No Liability: Rod Hughes Consulting Pty Ltd accepts no direct nor consequential liability in any manner whatsoever to any party whosoever who may rely on or reference the information contained in these pages. Information contained in these pages is provided as general reference only without any specific relevance to any particular intended or actual reference to or use of this information. Any person or organisation making reference to or use of this information is at their sole responsibility under their own skill and judgement.