Loyal blog readers know we have been talking about and tracking the increased use of cellular modems in SCADA systems. These are often accessible from the Internet, almost always accessible by other users with service from the same cellular company, and so far always been installed in the default, insecure installation. So a recent article from Automation World singing the praises of cellular modem without mentioning the risks that must be considered is troubling.
A couple of quotes and comments:
“If you use a cellular router, you can go directly through the air to the manufacturing site,” says Scott Killian, worldwide director of presales solutions at Sixnet, a Ballston Lake, N.Y., provider of cellular routers. “An outside contractor can get access without all the effort of getting the IT (information technology) department to give them access to the corporate network.”
It may be better to come in through a SCADA VPN DMZ rather than the corporate network, but I hope the people designing this have experience securing remote access. Our experience with the major cellular carriers is they don’t even understand the security options and the accessibility of the systems they install. Claims of private network are quickly dispelled with a ping. Remember most of them are trying to sell relatively low cost services in high quantities.
This ability to monitor performance is a universal benefit of remote access. Many users say it can improve quality of life for those entrusted with keeping facilities running day and night. It’s much quicker for a plant manager to monitor a system from home and make changes than to drive into the factory to flip a switch or two.
This quote confirms that this remote access, for maintenance in this story, can affect the system. The Maintenance department is often separate from Operations. We have seen this lead to insecure access to remote sites that the Operations group would never accept, but they don’t worry about it because it is not Operations communication. This is obviously flawed thinking since Maintenance can bring the whole critical field device or other component down.
I want to stress here that I’m not saying never use cellular comms. We have clients that are using it in a responsible manner for hard to reach, non-critical monitoring data. They implement the available security and understand and accept the risk. It is just hard to see how an article like this can be written with no thought that there may be some risk with controlling operations from a mobile phone at home.
[self-censored paragraphs on advertorial and weak reporting becoming rampant]