Authentication has a long way to go at industrial sites

Wednesday, 4 June 2003, 11:11 AM EST

All the advances being made in authentication are going to have to wait for the users to wash their hands and remove their hats before security can be strengthened at many industrial sites.

Such sites, including those in the energy, utilities and water industries, have safety regulations requiring workers to wear hard hats, according to Robin Goatey at St. Louis-based AmerenUE, an energy services company. "We're wearing face shields and masks, which eliminates facial scanning, with dirty and greasy hands that you can't fingerprint," Goatey said, and background noise is too loud for voice verification.

"There is no best practice for authentication in industry," he said, while the need for stronger authentication is growing because much of the old electromechanical relay logic used in Supervisory Control and Data Acquisition (SCADA) systems to control industrial plants has been replaced by computers that require new information security methods.

Still, the greatest threat to the nation's energy, utility and water plants, as with most information resources, is from internal sources, Goatey added, despite the occasional virus that disables controllers using the Windows operating system.

[ Read more ]

Related items


Why vulnerability disclosure shouldn’t be a marketing tool

Brian Honan, CEO at BH Consulting, talks about a recent vulnerability disclosure trend – a trend that he believes may ultimately cause more harm than good: security vendors using vulnerability disclosure as a marketing tool with the goal of enhancing their company’s bottom line.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Jul 2nd