Thursday, June 18, 2015

Take Steps to Avoid Liability for Cybersecurity Threats

The hack of Sony Pictures Entertainment not only resulted in huge losses of data, but it revealed how poorly that data was protected. Now, employees who had their identities exposed as a result of the hack have banded together. A U.S. district court judge has given them approval to sue Sony Pictures Entertainment for their poor protection of personal information.
While this case may not have any immediate legal effects on how companies store and guard data, it does serve as a wakeup call for industries that are complacent about taking the steps necessary to protect critical information. 
                                                                                                                                                                      Image Credit: blog.schneider-electric.com    
  Companies handling large amounts of information – particularly those who manage critical infrastructure – cannot afford to be lax when it comes to security. With cybersecurity breaches a near-constant threat, it’s not a matter of if, so much as when a system will be tested.
Some security breaches are unavoidable, but it’s the responsibility of every industry to make every possible effort to guard the data they collect and store.  In the very near future, those that do not have standard operating procedures for adequate cybersecurity may be held accountable.
Good security for intelligent systems begins with software that incorporates the tools necessary to build security functions into the application, rather than trying to safeguard  vulnerable systems through third party methods. Wonderware InTouch Machine Edition offers many security features that can be quickly configured to help protect applications. 
One of the security features Wonderware InTouch Machine Edition offers is the ability to manage users and groups locally, entirely within a single project, or through pre-defined users and groups from other projects or from an LDAP-compliant domain server.
Wonderware InTouch Machine Edition supports four security modes:
Local Only
This is the standard mode for most projects: users and groups are created in the development application, and they apply only to the project for which they’re created.
Distributed – Server
This is similar to Local Only, except that the project’s security system configuration is also made available to other Wonderware InTouch Machine Edition projects (that are set to Distributed – Client) on the same network. Furthermore, if the project loses its security system configuration for some reason, then it can reimport the configuration from one of its client projects.
Distributed – Client
When this mode is selected, the project gets its entire security system configuration from another project (that is set to Distributed – Server) on the same network. The project caches this configuration and can continue to run even if it loses communication with the server project.
Domain (LDAP)
The Lightweight Directory Access Protocol (LDAP) is a recognized standard for managing users and groups across many different applications on a network. When this mode is selected, the project gets its users and groups from an LDAP-compliant domain server, such as Microsoft Active Directory for Windows or OpenLDAP for Linux. However, only the user names, passwords, and group memberships are taken from the domain; specific rights must still be configured within the project.

Other built-in security features of Wonderware InTouch Machine Edition include: 
  • Support for encryption (Security Socket Layer – SSL) for communication over TCP/IP with the Thin Client stations.
  • Support for Server Certificate (Security Policy) on its native OPC UA Client module.
  • Built-in security system with multiple group levels. The device driver blocks keyboard commands on a very low level and allows you to lock the operator on the HMI/SCADA interface, blocking commands such as Alt+Tab, Windows key, Ctrl+Alt+Delete, Alt+F4, so the operator cannot shutdown the application or switch to the desktop or any other unauthorized application.
  • The Secure Viewer Thin Client offers a Thin Client solution, with support for all features of the native security system of InduSoft Web Studio.
  • Ability to filter the access to the Server based on IP Address ranges of the clients (useful for systems designed for LAN only).
  • Web Tunneling Gateway interface, supporting remote access to the runtime station through firewalls, via HTTP or HTTPS protocols.
  • Continuous support for the latest patches and versions of Microsoft operating systems
  • Compatibility with the major anti-virus packages in the market.