We spend a lot of time reviewing patch management, virtualization, firewalls and layered networks when discussing industrial control system cybersecurity tactics. But we tend to neglect simple physical security measures that can make a big difference in fending off attacks.
Stuxnet, the first worm to target a control system, was only able to contaminate PLCs because of lapses in physical security practices. The Stuxnet virus was placed on an infected USB card that when plugged into a computer automatically scans for Siemens PLC software to override and command PLCs to do new tasks.
There are many physical security gaps that if left opened can be as potentially damaging as cyber gaps. In general, physical security measures are the easiest parts of achieving 360° security. AWWA’s PCS Security Guidance document states that plants should control access to its facilities such as the control room, equipment cabinets and closets, and control panels. Unused network ports should be locked insuring USB drives with viruses can’t be plugged into them.
The application of this guidance document is quite easy. Go back to what security meant 50 years ago by simply locking doors and control panels in your facility. This might be a pain, but it’s a must for securing your system. Have your SCADA system report when a door is opened at a remote booster station and customize rules for when an open door is a dial out alarm. This will increase employee safety as well.
With your physical perimeter secure, block all unused ports so no one is allowed to download any unpermitted content to your system. You can buy USB port blockers on Amazon for under $20 dollars here:(https://www.amazon.com/s/ref=nb_sb_noss_1?url=search-alias%3Dcomputers&field-keywords=usb+port+blocker). Unused Ethernet ports also should be secured using Ethernet port blockers. USB and Ethernet cables must be locked ensuring only permitted access to them.
By taking the time to implement these simple physical security measures, you can make a lasting impact on your plant’s security and defend against worms, viruses and trojans. For help with industrial control system cybersecurity, contact Frakes Engineering at (317) 577-3000 or firstname.lastname@example.org.