SECURITY

BRODERSEN SECURITY -------> 100%

Introduction

Security must NEVER be an after-thought…….

As Vikings we no longer chase enemies in long boats, but our impressive hardware and software is used to terrify our competitors and keep our products safe!

Brodersen have been manufacturing products for use in remote monitoring and control solutions for more than 50 years.  Our customer base is global and our products are used in a diverse range of applications that include energy management systems, water and waste water SCADA, infrastructure monitoring, building automation and airport management systems.

This application note provides an overview of the RTU32M/N Series security functionality.  RTU security is a hot topic amongst large utility companies who need to ensure their SCADA systems comply with both their own corporate security requirements and regulatory authority security standards. 

Traditionally corporate IT security system standards are based around information security with focus on Confidentiality, Integrity and Availability.  These focal points are typically reversed when defining SCADA system security requirements ie. Availabilty is most important!  Most RTU vendors have struggled to adapt their products to evolving security standards that are easily implemented in devices like PCs and Smartphones that are obsolete in 2-3 years, but hard to deploy in RTUs designed to operate for 10-15 years.

A fresh start allows security to be included - not as an 'add-on'

The RTU32M/N Series are the latest generation of Brodersen RTUs – with a new architecture that allows a ‘fresh start’ to developing product and security functionality.   Instead of trying to add on security, the RTU32M/N products have it included at multiple levels ie. adding a hard shell to a soft core seems good, until an entry point is found – a better solution is to have multiple layers of hard shells around a hard core (our Viking ancestors knew that!)

The essential components for the new RTU platform include ‘future proof’ hardware with guaranteed availability of the core CPU board components past 2035 and an embedded Linux operating system.

MP32A - RTU32M CPU

RTU Security Features Overview

The RTU32M/N Series have numerous security features that include;

  • Management of User Access and User Authentication – limiting use of default passwords, user group passwords and user privileges managed from a central location via LDAP
  • Firewall Implementation – a user interface to manage which IP ports are open and whitelisting and blacklisting of ranges of IP addresses (uses iptables)
  • Management of System Services – controls access to HHTP, HTTPS, SSH and Event Viewer services. An important requirement of any secure system is that non-essential services are disabled
  • Secure Applications and Firmware Updates – use of ‘signed’ application logic and firmware using RSA public-key cryptosystem techniques
  • Encryption of Sensitive Data – any files that include user or password type info. can be stored in an encrypted ‘container’ area of the SD card to protects against theft or incorrect transfer of SD cards
  • Secure Network Connections and Protocols – protecting data ‘in flight’ using dual VPNs and secure SCADA protocols such as DNP3 Secure

Managing user access - discouraging use of default passwords

The RTU32M/N Series products use a web server interface to view system information and manage the setup of the RTU.  The System Overview page below shows a ‘Security alert’ and warns that the RTU is configured to use default passwords

Administration of default passwords and creating additional users

The admin user password can be changed from the default

The root user password is not set by default to ensure root level access is only available if enabled/set

A user with Administrators group level access can add additional users and set their user group

Web server User group access levels include;

  • Guests (read only)
  • Superusers (read and some config)
  • Administrators (full access)

User authentication from a central LDAP service

Management of user authentication from a centrally managed server is critical for large corporations and utility companies that need to respond rapidly to changes of personnel.  The RTU can be configured to authenticate a user when a log in event occurs

The example setup here shows how user groups are mapped from the RTU to the LDAP server groups

Secure / Dual VPN Connection

The RTU supports dual VPN server connections using PPTP and L2TP/IPsec to provide secure connections to other networks.  L2TP with IPsec adds security to the establishment of the connection using pre-shared keys and encapsulation of the data packets using encryption

The RTU logic block ‘CONNECTVPNEX’ allows management and logging of the VPN connection process

PPP over serial link

Some corporate users have restrictions imposed on their field technicians that do not allow LAN ports on laptops to be used for anything other than connection to their corporate system.  Use of PPP (Point to Point Protocol) allows IP connectivity with the RTU using a serial port.

Syslog reporting services

.

If enabled, the Syslog service sends reports of all RTU runtime events and web server events to a corporate Syslog server.

Management of system services

Various system services can be enabled/disabled to restrict access to only the required services.

Encrypted storage – with optional SD cards

The RTU is able to store any files that include user and password type information in an encrypted container area of the SD card.

Firewall setup – managing IP ports and IP addresses

The RTU Firewall allows management of the IP ports that connect services and networks to the RTU.  In addition, Blacklists and Whitelists allow management of excluded/included lists of IP addresses.

Brodersen firewall

Applications and firmware updates are ‘signed’ to keep your RTUs safe

The WorkSuite logic application includes an Application Code Signing Tool that manages the generation and storage of public and private keys and enables the signing of logic applications (with an encrypted signature).  The public key and private key are used by WorkSuite to encrypt authorisation.  The public key is loaded in the RTU and used to decrypt authorisation.  Firmware update utilities for loading of RTU base firmware and IO module firmware also ensure that only ‘signed’ code/updates authorised by Brodersen will load.