Note: This is a sidebar to the January feature, "Practical Steps to Secure Industrial Networks."
Phoenix Contact’s Dan Schaffer, in his company’s white paper “5 Easy and Practical Steps Towards Securing Your Industrial Network,” recommends these practical steps to immediately make networks more secure:
- Have password security. Keep passwords secret, current and strong. For example, construct a simple sentence you can remember (“I love to see the process operating today”), then create a mnemonic from it: “Il2ctpO2d!” Change as desired.
- Deny critical systems access to the Internet. “Allowing control PCs, HMIs, etc. to have access to the Internet is playing with fire,” Schaffer says. And do not allow control devices such as HMIs to have a public-facing address.
- Do not be fooled by Wired Encryption Protocol for wireless. Having an unencrypted network means that someone doesn’t need to get a username or password to begin listening to data.
- Do not use unsecure USB sticks. “While convenient, they’re risky. They are increasingly being used as an attack vector for malware,” Schaffer says. “Malware can easily replicate itself onto USB sticks—and often that goes undetected.”
- Use firewalls. A basic firewall is sufficient for most applications—and a good place to start. Firewalls use rules to decide whether to allow or prohibit traffic—data packets—from passing through them.