Security Control

Security

Today’s security-conscious climate places increasing demands on engineers and integrators to create safe and secure SCADA infrastructure. Whether controlling electrical power distribution facilities, providing potable water, or monitoring natural gas production, modern SCADA systems must prevent system compromise from both internal and external sources. One method by which ClearSCADA accomplishes this is to lock out non-authorized system access while controlling password-based access for legitimate users. Engineers, for example, can have full development and control access while process operators have limited access based on their responsibilities.

To provide this level of access control, ClearSCADA security is configured at an object level during development, where a wide range of permissions are applied to discrete system points.
From a detailed perspective, users or user groups are assigned password-protected levels of access for specific features including, configuration, operation, alarms and database navigation. Security levels are configured on an individual basis or grouped together to share common configuration parameters, thereby reducing setup time. The system uses password encryption, aging, dictionary and inactivity logout. Additionally, all database objects are assigned permissions based on pre-configured users and user-groups. Permissions, which include read and write capabilities, alarm and history control, configuration, security and system administration, are automatically carried over when an object is copied or included in a template instance, thus further reducing overall system setup time. To ease configuration across the database, permissions can also be allocated at the parent level where they are inherited by lower level objects.

Default security settings for new user accounts are set by selecting from a list of pre-defined security levels: None, Weak, Medium, or Strong; or the default settings may be customized.

To satisfy audit-trail requirements the ClearSCADA event journal contains a user field entry for every record. This results in a comprehensive index of time stamped actions, controls, alarms and events including changes to security settings. Using this facility, administrators closely monitor activity relating to specific data points or changes that have occurred to security privileges. Specific events can be extracted from the database via a SQL filter, used to create customized reports, or be easily viewed in ClearSCADA ViewX client with a simple mouse-click function.

Since maintaining secure data flow is as important as the ability to control access, ClearSCADA applies security across all available interfaces including, ViewX, WebX, OLE Automation, ODBC and third party OPC connections. For links using internet networks, Secure Sockets Layers (SSL), Private Keys and Certificates are used to ensure such security.