Comment Contollers should NOT be on the Internet (Score 1) 124
No Industrial Controller should ever be connected to the internet.
This security problem applies to all Manufacturing, Chemical, Pharmaceutical, and Power industries.
When multiple sites need to be connected, they should use a Serial Dial-up or Leased Line connection or a VPN bridge that cannot respond to any Internet requests that do not originate from the VPN. DDOS attacks against the VPN nodes should only be able to disconnect the controller networks at which point a fallback Dial-up connection will take over.
Industrial Controller networks should look like this:
remote PLC/PID -- Firewall -- remote HMI/SCADA/Historian -- Firewall -- VPNbridge -- Internet -- VPNBridge -- Firewall -- HQ HMI/SCADA/Historian
An industrial Controller network should generate an severe error alert if any internet site is reachable.
When multiple sites need to be connected, they should use a Serial Dial-up or Leased Line connection or a VPN bridge that cannot respond to any Internet requests that do not originate from the VPN. DDOS attacks against the VPN nodes should only be able to disconnect the controller networks at which point a fallback Dial-up connection will take over.
Industrial Controller networks should look like this:
remote PLC/PID -- Firewall -- remote HMI/SCADA/Historian -- Firewall -- VPNbridge -- Internet -- VPNBridge -- Firewall -- HQ HMI/SCADA/Historian
An industrial Controller network should generate an severe error alert if any internet site is reachable.