Authentication has a long way to go at industrial sites
All the advances being made in authentication are going to have to wait for the users to wash their hands and remove their hats before security can be strengthened at many industrial sites.
Such sites, including those in the energy, utilities and water industries, have safety regulations requiring workers to wear hard hats, according to Robin Goatey at St. Louis-based AmerenUE, an energy services company. "We're wearing face shields and masks, which eliminates facial scanning, with dirty and greasy hands that you can't fingerprint," Goatey said, and background noise is too loud for voice verification.
"There is no best practice for authentication in industry," he said, while the need for stronger authentication is growing because much of the old electromechanical relay logic used in Supervisory Control and Data Acquisition (SCADA) systems to control industrial plants has been replaced by computers that require new information security methods.
Still, the greatest threat to the nation's energy, utility and water plants, as with most information resources, is from internal sources, Goatey added, despite the occasional virus that disables controllers using the Windows operating system.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.