Configure SCADA Security
SCADA security has always been one of the essential measures in developing a complete SCADA system. Ecava IntegraXor is specifically designed to operate with strong security measures and implementations. As far as SCADA security is concerned, the system architecture is designed according to OWASP recommendations and best practices. In this training, we will configure SCADA security for different users and roles.
General Security Setting
First, create a new project or open an existing one, and navigate to ‘Security’ in the left menu of Project Editor. You will notice several options, such as ‘Project Concurrent Login’, ‘Exclusive Write Mode’, etc., as shown in the screenshot below.
The description of each setting is displayed at the bottom when you click on it. Let’s keep the default settings for this project.
Configure the Role
Next, click on the sub-menu ‘Role’ to reveal the table of roles. Again, there is a default list of roles created for every new project. Let’s add a new role by appending a new row at the bottom, for example as shown below.
Configure the User
Then, you need to create different users and tie each of them to their assigned role. Click on the next sub-menu, ‘User’. Note that the User configuration has two sections, top and bottom. Add a new user to the table in the top section, and configure the security control for that user in the table in the bottom section, as shown in the screenshot below. Let’s assign the user the highest access level (1000), and select the role ‘Supervisor’ (which we created just now) from the drop-down list for him.
Note: ‘Location’ indicates the allowed login IP address for the particular user, associated with the level and role; type ‘*’ to allow all.
Also, remember to create a password for the user by clicking on the column box, as shown below. Then save the project.
To see the difference, you may need to create another user and tie him to a role with a lower access level, for instance a user for the role ‘Operator_Area3’, as shown below.
Configure HMI Screen Access
Next, let’s apply some security measures to some of the screens. Click on ‘Screen’ in the left menu to show the existing screens. Note that there is a ‘Role’ column, in which you can pick the role(s) from the drop-down list. For this project, let’s make the reports accessible to the Supervisor role only.
Lastly, click on ‘Run Project’ to run the project and test the results. When the front-end is launched (in a web browser), click the top right corner to log in. For the first attempt, let’s try the user with the lower level (Operator-007). Log in by typing the correct username and password. Then look at the screen’s left menu list: no reports are visible for this user’s role, just as we configured.
Next, let’s try to log in as the other user we created. Click to log out the existing Operator_007, and log in again in the same way as Supervisor_007. Now look at the screen menu list again, and notice that the reports are now visible and accessible.
Different projects may call for different approaches to SCADA security configuration, based on their requirements. In this training we have seen how to set the security level for different users and roles, as well as the access limits for different HMI screens.
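The role, level and Location settings configured above can be modelled outside the product to review a planned user table before entering it in Project Editor. The following Python is an added example, not Ecava's code or the IntegraXor project file format; the record layout, the screen names, the Operator level of 100, the IP addresses and the rule that a screen with no role is unrestricted are assumptions.

```python
from dataclasses import dataclass

# Constructed sample data mirroring the tutorial's tables. The layout, the
# level 100, the IPs and the screen names are assumptions for illustration.
@dataclass(frozen=True)
class User:
    name: str
    level: int
    role: str
    location: str  # allowed login IP, or "*" to allow all

USERS = [
    User("Supervisor_007", 1000, "Supervisor", "*"),
    User("Operator_007", 100, "Operator_Area3", "192.0.2.15"),
]
# Screen name -> roles allowed to open it (assumed: empty set = unrestricted).
SCREENS = {"Overview": set(), "Trend": set(), "Report": {"Supervisor"}}

def login_allowed(user, client_ip):
    """Location check as in the note above: '*' or an exact IP match."""
    return user.location == "*" or user.location == client_ip

def visible_screens(user, client_ip, screens=SCREENS):
    """Screens expected in the menu after the user logs in from client_ip."""
    if not login_allowed(user, client_ip):
        return []
    return [name for name, roles in screens.items()
            if not roles or user.role in roles]

def audit(users=USERS, screens=SCREENS, high_level=1000):
    """Review items: wildcard Location on top-level users, unheld roles."""
    findings = []
    for u in users:
        if u.location == "*" and u.level >= high_level:
            findings.append(f"{u.name}: level {u.level} may log in from any IP")
    assigned = {u.role for u in users}
    for name, roles in screens.items():
        for role in sorted(roles - assigned):
            findings.append(f"{name}: restricted to role '{role}' that no user holds")
    return findings

if __name__ == "__main__":
    for u in USERS:
        print(u.name, visible_screens(u, "192.0.2.15"))
    print(audit())
```

The audit flags the Supervisor account because its Location is ‘*’ while it holds the highest level; restricting Location to the supervisor's workstation address clears the finding.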
Download Ecava IGX today and configure security to suit your own project requirements.