Highly Secure HMI/SCADA and Automation Systems

  • Highly Secure HMI/SCADA and Automation Systems

    October 2015 An ICONICS Whitepaper www.iconics.com

  • Copyright 2015, ICONICS, Inc. ICOWPP025 100 Foxborough Blvd., Foxborough, MA 02035

    CONTENTS

    About This Document

    Copyright and Confidentiality

    Overview

    Security for Mission-Critical Applications

    Attention to Detail at Every Step

    Restricted Access and Secure Communications

    Redundant Operations and Mission-Critical Technology

    Development, Standards, and Certifications

    Secure Product Development Process

    Physical Security

    Digital Security

    Code Reviews

    Timely Hot Fixes

    Binary Signing

    Obfuscation

    Compatibility with Microsoft Updates

    Product Deliveries are Free from Viruses and Malware

    CERT Program with Homeland Security

    STIG Security Technical Implementation Guidelines

    FDA Code of Federal Regulations (FDA/CFR 12 part 11)

    Microsoft Windows Certifications

    Runtime Security

    ICONICS Security Server and User Access Controls

    User and Group Access and Authentication Controls

    Encryption

    Microsoft Active Directory Synchronization

    Other Security Related Capabilities

    Configurator Audit Trail and Logs

    Microsoft SQL Server Security

    SCADA Visualization Password Security

    Project Deployment Password Security

  • ICONICS WHITEPAPER

    Data Communications

    OPC Unified Architecture

    Discover and Session Establishment

    Transport

    Data Communication Security

    FrameWorX64

    Windows Communication Foundation (WCF)

    ICONICS GenBroker

    Other Data Communications Security

    Allowed Clients

    Password Manager

    Port Security

    HTTPS/SSL

    ICONICS Security Best Practices

    Conclusion

    References

    Application Notes

    White Papers

    About This Document

    Copyright and Confidentiality

    This document contains proprietary information of ICONICS, Inc. and is subject to the condition that no copy or other reproduction be made in whole or in part for any use. No use may be made of information herein except for which it is transmitted, without the express written consent of ICONICS, Inc. © 2015 by ICONICS, Inc., Foxborough, Massachusetts.

    Overview

    ICONICS products have a history of installation in extremely critical and secure applications. ICONICS systems are in use at some of the most secure Defense Department applications, both for the US Department of Defense, and those of other nations. The ICONICS software products also are routinely installed in FDA regulated sites, Regulated Utility and national grid installations and other critical infrastructure. These applications require the products to be designed for, and tested to, rigid requirements.

    ICONICS uses features such as encryption, certificate authentication, user and system encrypted passwords, and obfuscation to provide the highest level of security demanded of today's systems. Equally important, we make the system extremely flexible for the system administrator, so that all system-to-system, and system-to-client, interface parameters can be adjusted to work within a customer's secure infrastructure.

    This document will present an overview of the many features and qualities of ICONICS applications that make them a good fit for a secure project.

    Security for Mission-Critical Applications

    We have invested millions of dollars in our product technology, including our commitment to maintaining rigorous security standards. As a company that helps provide customers products that help them operate their industrial, manufacturing and mission-critical facilities, ICONICS utilizes the latest securit