Bayshore Networks Updates SCADAfuse to Support SCADA Network SecurityMarch 03, 2020 by Robin Mitchell
Bayshore Networks recently announced security enhancements in SCADAfuse for SCADA and HMI software in industrial environments.
Why is this important and how can automation help automation in security?
The Importance of Security
Anyone involved with industrial processes will know the importance of automation cannot go understated. What used to take many hundreds of workers can now be done with machinery that not only operates 24/7 but is also able to do the same work with precision and repeatability.
Such automation is only possible thanks to the advancements in technology such as robotics, PLCs, and network systems which allow control centers to view and co-ordinate entire production lines remotely. The use of cloud technology allows for machinery configuration data to be backed up and restored when needed while the use of an active internet connection allows for engineers from all over the world to monitor individual steps remotely.
However, like any system that is connected to the internet, it will be vulnerable to cyberattacks that may wish to see the industrial process halted, copied, or worse made to perform illicit actions such as DDoS attacks on other cloud services.
The use of secure systems is always critical. Each level of the network needs to be protected.
- The first levels are the machinery and PLCs involved with industrial processes that can be protected with the use of secure lockers (i.e. physical cages), removal of default usernames/passwords, and encrypted network communication protocols.
- The second layer is the communication lines themselves including Wi-Fi and Ethernet which both can be protected with the use of required login credentials, lack of accessible physical ports, and strong passwords.
- The third layer is the central control center which can be protected with the use of secure rooms with key card only access, login credentials, and removal of external internet access. The removal of internet access goes against the idea behind cloud computing whereby remote access can allow for remote monitoring. Therefore, control areas need to implement strong network protection features such as firewalls, network traffic monitoring, and the use of anti-malware software.
SCADAfuse Enhancement for PLCs and HMIs
In May of 2019, Bayshore Networks launched SCADAfuse, an automatic industrial firewall security tool. In February 2020, Bayshore has released new enhancements to this software.
Of the three security layers discussed above, PLCs and HMIs are one of the hardest layers to protect. Generally speaking, the reason for this is that PLCs and HMIs are designed to be easily interfaced with which also makes it easy for attackers to access these.
A PLC or HMI connected to a network will unlikely to integrate strong security measures and will be an easy point of attack. But PLCs are not only under threat from being attacked themselves but could be used as an entry point into a network and thereby become a doorway for attackers.
Bayshore Network's SCADAfuse. Image used courtesy of Bayshore Networks.
Therefore, the use of a network defense system between the PLC / HMI and the network would provide a useful shield from external attacks. This is exactly what the Bayshore Networks SCADAfuse does which is a physical device that sits between a PLC / HMI and the industrial network and protects them from unauthorized use, dangerous instructions, and remote takeovers.
The SCADAfuse is an in/out device which means it requires no re-addressing of the network or assets and is fully self-contained making it easy to incorporate into a standard industrial environment especially considering it fits on a standard DIN rail.
But to continue with enhancing security in an ever-changing world Bayshore Networks have added increase security protections into their SCADAfuse systems including the support of GE Digitals iFIX software proprietary protocols.
The collaboration between Bayshore Networks and GE Digital allows for those proprietary protocols to have additional protection which are used by iFIX nodes, clients, and drivers. SCADAfuse incorporates security features that allow it to intelligently combat malicious activity including automatically configured firewalls, recognition of standard activity, recognition of malicious activity, and policy engines.
SCADAfuse and iFIX
The combination of SCADAfuse and iFIX protocols allows for engineers and designers to have confidence when implementing HMI systems that provide real-time data logging and analysis.
"We are pleased that Bayshore Networks has incorporated iFIX protocols into the SCADAfuse product to provide additional network security to iFIX customers who require it", mentioned Scott Duhaime, iFIX Senior Product Manager at GE Digital.
Advanced HMIs and SCADA systems allow engineers to remotely monitor live data streams and ensure that equipment is operating correctly.
The use of such interface systems potentially exposes the underlying hardware to attack which is why a strong security system such as SCADAfuse is a device that should be integrated into every industrial process.
Now that SCADAfuse supports the iFIX range of protocols means that engineers can utilize advanced SCADA systems while having a secure environment to do so.
Do you use the Bayshore SCADAfuse or GE's Digital iFiIX?