Water treatment operation required precise control as it concerns the safety daily life of residents in its covered areas. Water Authorities in Texas is increasingly concerned about its OT Cybersecurity.
SCADA (Supervisory Control and Data Acquisition) system is widely adopted in WWTP operation. Typically, WWTP consists of water plants, pump stations, water towers, pipelines, and remote terminal units which scattered in its covered region. As an integrated process system, WWTP takes many industrial Ethernet switches, cellular gateway, and routers as the interconnections of the system network.
With the application layer of SCADA system more and more opened, besides the hardware and software of professional control system suppliers such as Siemens, AB, GE, Schneider, those of standardized operating system, server and SQL database are also operated on it, which make the SCADA system facing severely Cybersecurity challenges.
Through the network and moveable storage medium, malicious codes/intrusion and ransomware have become the increasing threats to SCADA system. For instance, the communication between the virtual masquerade IP host and the controller in the SCADA system, unauthorized access and abnormal configrations will bring huge potential risks to the production of water treatment and SCADA system.
Best solution: Preventing Cybersecurity Incidents in advance
The detection of Cybersecurity Incident usually already has impacted the system and/or its operation. By appropriately utilizing the Cybersecurity Function of AVCOMM 8000 series Industrial Ethernet Switches such as ACL Filter, TACACS+/Radius, DAI(Dynamic ARP Inspection) etc. which are exclusive of AVCOMM is the best solution to prevent Cybersecurity incidents.
Cybersecurity Solution from Industrial Ethernet Switch
SCADA system is a device layer network that composed of the devices such as PLC, HMI, RTU, etc., as well as an integrated system of application layer network cooperation that constructed by databases and servers. Traditional firewalls are normally deployed in the outlet of the system network to defend against access threats from the Internet, while the application layer is protected by the Virus library of the antivirus software running in the operating system.
However, system integrators lack the technical solutions of security defense for the equipment layer network below the application layer of SCADA system. AVCOMM 8000 series Industrial Ethernet Switches in the water treatment SCADA system can provide an effective solution to defend against potential attacks on SCADA devices, while no need to invest on additional dedicated network security devices.
System Solidity and Port binding are the foundation of OT Cybersecurity
Compared to information systems (Information Technology), Production systems (Operational Technology) has the highest priority of certainty. Connected devices and running programm usually keep unchanged. Thus, the Cybersecurity policy based on port binding and authentication is more suitable for OT system. The IP Source Guard function, one of the security functions of the AVCOMM 8000 series Industrial Ethernet Switches, can quickly identify the consistency of the MAC address and IP address of the connected device, such as PLC with the set value, hence ensuring the security of system access and communication. Should any changes or tampering been detected, the security function will prompt a notice, and the communication will be temporarily blocked.