products

Smart security: Defence in depth

Security is more than just encryption. It’s about ensuring that the entire SCADA network is protected and that all vulnerabilities are secured against attack, whether accidental or malicious.

The Aprisa SR family incorporates an in depth approach to security, what we call a 360 degree approach. This takes into account security fundamentals, types and sources of attack, and protecting all data and management interfaces, as well as incorporating industry standards and recommendations. This approach protects against passive eavesdropping, active denial of service, ‘man-in-the-middle’ attacks and attacks at a management level. The Aprisa SR and Aprisa SR+ security includes all of the following:

  • AES-256 encryption as standard: ensuring the confidentiality of all transmitted information
  • Proprietary wireless protocol: based on 802.15.4 MAC and a proprietary PHY. This combines a standardised and extensively tested protocol with selected proprietary features to avoid over the air interception and manipulation of data
  • Segregated traffic flow: allowing operators to isolate radio nodes and SCADA equipment
  • Licensed radio spectrum: ensuring that you are the only authorised user of the spectrum, avoiding interference from others using the same band
  • Management interface protection including authentication, secure web interface, encrypted firmware upgrades and ICMP and UDP/TCP port blocking
  • Address filtering, to ensure that the traffic across the network originates from an authorised source and only packets that have the correct address details are passed on
  • Data authentication using CCM-based authenticated encryption algorithm, to protect integrity of information and mitigate replay attack and ‘man-in-the-middle’ attacks
  • Over the air rekeying (OTAR): Enhanced security key management via over-the-air re-keying (OTAR) enables users to change the network encryption keys at regular intervals to improve network security. Keys can be distributed securely throughout the network to outstations without the need to visit individual sites. Encryption key distribution is managed through the web based SuperVisor application

The security of the Aprisa SR family extends to the fact that it is a privately owned and controlled network, avoiding dependence on any third party operators. It is your critical infrastructure: why trust it to anyone else?

Smart security: smart SCADA.

Get smart and contact us to find out more about how you could benefit from the Aprisa SR and Aprisa SR+.

 

  • Aprisa SR Technical Paper - SCADA a 360 degree approach to security

    English

    Download | 481.1 k ( .pdf )