In SCADA and ICS environment each and every system component is characterized by a specific role, having unique network behavior related to the other system components
- The SCADA server will manage communication with the RTUs and PLCs, Will provide services to the working stations and manage writing to the historian server.
- PLCs and RTUs communicates with the SCADA server and occasionally connected by engineering stations
- Working stations connects to the SCADA server and don’t require connectivity to any other of the system components.
- Historian server database, get write commands from the SCADA server and the data is read by operational intelligence solutions for reports generation.
Due to this relatively simple network behavior, it is possible to use Firewall policies to Alert and even block unauthorized activities and as a result enhancing significantly the system security.
We would like to authorize communication in Modbus protocol between the SCADA server and the PLCs and communication between the SCADA server and the historian server.
While on the same time we want to ban any communication between the workstation the PLCs and historian server. At this current situation, even if the workstation will be infected by a malware which will attempt to communicate with the PLCs and the historian server, the attempt will fail and the traffic will be blocked.