Secure Communications in Harsh Environments, Part 2
Editor's Note: This is part two in a three-part series on remote access in harsh environments. Part one of series details the emergence of harsh environment threats.
By Patrick Oliver Graf, General Manager NCP engineering
Risks of Outdoor Access Points
Another common weak spot for all SCADA systems is their insufficiently secured remote accessfunctionality. Through it, an attacker might be able to access and manipulate these components via a telnet or http connection. A lot of producers further facilitate hacking by "protecting" their systems with standard passwords the user can’t change -- yet, it’s relatively easy for an attacker to figure out these hard-coded passwords.
On top of this, hackers particularly like systems that transfer data via wireless LAN connections. In fact, many companies currently use such outdoor Wi-Fi networks on their premises. And while security experts repeatedly advise Wi-Fi network users to secure their connections with encryption protocols, like WPA2, even this does not ensure absolute security. Moreover, it’s easy as searching for the Internet to find instructions and tools for hacking such access points. Generally, it takes just several hours to hack encrypted Wi-Fi networks. But especially with outdoor Wi-Fi systems, it is fairly easy for a hacker to record and assess data traffic with hardly any risk at all.
And the major problem is that a successful attack on controlling and regulating devices frequently makes other areas of the targeted corporate network vulnerable. This happens because there is no absolute separation between regulation and control networks and the corporate intranet. To put it bluntly, hackers who manage to access a PLC are also able to use the industrial Ethernet infrastructure and work their way through to customer or financial data.