Infrastructure and SCADA security for enterprise and government agencies has been highlighted in the press and has recently become a center-stage issue for Congress. It is a complex and multi-faceted problem, which has been historically focused on “keeping the bad guys out.” With the ever-increasing number of cyber attacks, the effort to address potential vulnerabilities and increase the security of critical systems infrastructure has become a perpetual arms race.
An alternative to “keeping the bad guys out” focuses on stronger authentication for the “good guys”. This “good guy white-listing” approach is based on the premise that asset owners have more control over who needs access to infrastructure and critical systems than who needs to be kept out.
The strategy is based on the concept that systems communicate with systems, and therefore identity authentication should first take place between the systems themselves. The best infrastructure security model embraces a device-centric strong authentication model where the devices playing a part in the infrastructure are irrefutably known to each other. In implementing this approach, enterprises and government agencies need to address the following:
- Knowing who and what needs to have access to infrastructure assets
- Implementing access authentication solutions that are secure, cost-effective, easy-to-use, and highly scalable
- Implementing access authentication solutions that provide flexibility and multi-dimensional security that complements existing systems and infrastructure
- Ensuring that regulatory compliance requirements and security best practices are addressed
NetAuthority’s Device Authentication Service is purpose-built for seamless, high-performance, cost-effective mass adoption of strong authentication for infrastructure and SCADA devices and systems:
- Irrefutable identification of the device via its Dynamic Device Key for strong authentication security
- Sub-second device authentication adds no noticeable latency to the communication process; ongoing authentication is fully transparent
- Notifications and alerts for immediate visibility to intruders and unauthorized devices
- High-performance SaaS-based service or Device Authentication Engine available for self-hosting
- for seamless, cost-effective and mass scale deployment with other online and cloud services
- Secure Service API to interface with existing management, monitoring, and log management systems
NetAuthority’s Device Authentication Service creates trusted-device environments. For example, trusted-device environments can be established between individual SCADA master stations and RTUs, IEDs, PLCs or local client machines and remote data historians, HMIs and data collection nodes. Trusted-device environments can also be established with network infrastructure components so that data flows only between certain firewalls or switches for VLAN implementations, and more.
The result is a true “trusted-device environment” where the good guys are authenticated – and everyone else is a bad guy by default and not allowed access.
To learn more about NetAuthority’s Device Authentication Service for infrastructure and SCADA systems, please contact us at firstname.lastname@example.org.