PLCs are vulnerable to cyber-attacks. Modern PLCs are connected to various business network based on the requirement. For example, monitoring the process operation remotely. Different protocols are used for accessing the PLC data remotely. OPC is one of the widely used technology.
Cyber security products are very expensive. For small-scale plant it may not be possible to afford the cost. Some simple steps can reduce the risk of cyber-attacks.
13 essential steps to protect Programmable Logic Controllers and SCADA from Cyber attacks
1.Disable the default windows users(Administrator and Guest).
2.Use antivirus and update antivirus regularly
3.Update the Microsoft patch regularly (Quarterly)
4.Disable USB access.
5.Use end point encryption
6.Use windows firewall to block the unauthorized access
7.Use Protocol firewall (Eg:modbus firewall) to block the unauthorized access to plc.
8.Set bios password
9.Analyze network activity.
10.Change the default PLC password
11.Change the SCADA default password.
12.Take backup of PLC program.
13.Take backup of SCADA PC
How network analysis can be done?
Why endpoint encryption is required?
Windows PCs are vulnerable to data privacy issues. Data can be restored from a hard disk without windows credentials. Endpoint encryption can protect this kind of data loss.
Endpoint protection also protect windows PCs from hacking tools like daossoft password rescuer. Daossoft password rescuer allows to bypass windows credential and login to a pc without windows user name and password. This is a risky situation for control system. Unauthorized person can access the control system using password rescuer. Endpoint encryption prevent this type of risks.
How to analyze network activity?
If you are familiar with NetBIOS commands that is one of the best options. There are other free network analysis tools are available. We will discuss about that in this article.
Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s] [-S] [interval] ]
-a (adapter status) Lists the remote machine’s name table given its name
-e (Adapter status) Lists the remote machine’s name table given its
-A Displays addresses and port numbers in numerical form.
-c (cache) Lists the remote name cache including the IP addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses.
-s (sessions) Lists sessions table converting destination IP addresses to host names via the hosts file.
RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds between each display.
Press Ctrl+C to stop redisplaying statistics.
TracerouteNG by SolarWinds is another option. Free version is available. This software can be downloaded from following link.