Edge Gateway Password Management
Jan 5, 2022
Written by: Jon Tandy, Product Application Engineer
Edge computers and security threats — two components of the current digital SCADA and IIoT landscape that are becoming increasingly commonplace.
A recent ransomware attack in 2021 on one of the largest United States liquid petroleum pipeline companies caused almost a complete shutdown of their operations for over a week. In response, the United States government began developing stronger security requirements for the nation’s largest pipeline operators.
High profile corporate security breaches are all-too-frequent occurrences, and the situation is expected to get worse as hackers develop more sophisticated methods. SCADA (control and monitoring) systems are essential for maintaining critical infrastructure networks and are thus attractive targets.
One of the most basic security measures is password management. If passwords are left at default or unchanged for long periods of time, it presents a risk that hackers might gain knowledge of out-of-date security credentials and possibly gain access into a network by means of a less secure device. Edge gateways, such as the RediGate or Director products from Elecsys, are becoming common components of SCADA and IIoT systems to gather data from sensors and controllers. Edge gateways are typically highly capable computation and communication devices with a microprocessor, an operating system, and access into the customer’s network – so they need to be protected against security breaches.
The Elecsys edge gateways use an administrative and a user-level account, with password protection to prevent unwanted access. In the past, manual intervention was required to change the password individually on every gateway device. As regulations become more widely implemented to require regular password updates, this increases the burden placed on operations personnel.
Elecsys has developed a device management solution to help companies save time and resources by automating password updates to their RediGate and Director gateway products. Now, a qualified technician or operations engineer can supply a list of IP addresses and the new username/password, and the script will set the system passwords in all the gateways automatically, without requiring a reconfiguration or restart of the gateway. This same device management solution can be used to perform other operations across a group of gateway devices, such as automatically collecting operational or software version information.