Challenge: Eliminating Passwords and Securing Remote Sites with SCADA
For South Tahoe, security, specifically safeguarding facility assets, is a top priority. Through SCADA, they implemented a policy requiring that all system passwords contain at least 15 characters. However, remembering complex passwords and expecting administrators to track multiple passwords across resources presented its own challenges. It soon became clear that South Tahoe needed to simplify its procedures, yet compromising on the security of its facilities was not an option. Rather than requiring its crew to remember a second 15-character password just for the remote sites, South Tahoe turned to the CyberLock system.
Passwords within SCADA protected South Tahoe’s pumps and generators, including those at the Luther Pass Pump Station site. This facility exports all of the treated wastewater out of the Lake Tahoe Basin to the Harvey Place Reservoir, on their Diamond Valley Ranch property. The Luther Pass Pump Station regulates up to four million gallons of wastewater daily, all of which is controlled by the SCADA application. South Tahoe is held responsible for any effluent that touches the ground or escapes the system. Accordingly, securing the application that is ultimately responsible for controlling the flow of waste is of the utmost importance.
Solution: CyberLock
South Tahoe installed CyberLock to secure remote SCADA applications that controlled the operation of pumps and generators. Mission critical software is secured with CyberKey smart keys, rather than a password. CyberKey smart keys are programmed with scheduled access permissions, permitting access only during certain dates and times. South Tahoe personnel are given an access schedule within their assigned CyberKey. During their shift, the CyberKey will open the SCADA application, allowing the operator to start or stop pumps and generators. However, outside of their assigned shift time, the CyberKey smart key will deny access to the SCADA application, recording details of the unauthorized access attempt.
Now that access to critical facilities is protected by CyberLock, Chris Skelly explains "We no longer worry about the SCADA application going unattended," and adds that there is no longer cause for concern "if a disgruntled employee, or a member of the public comes in and tries to access the application."
Another added benefit is that the CyberLock system can be hosted entirely by South Tahoe, on its own servers. With sites located far from major urban centers, like Reno and Sacramento, South Tahoe does not always have access to a reliable Internet connection, meaning cloud and web-based platforms are not practical. With CyberLock, South Tahoe is even able to provide smart keys to other departments, such as natural gas, electric, and miscellaneous contractors. With CyberLock’s comprehensive audit trail data, stored in both smart keys and locks, South Tahoe can monitor the whereabouts of each key.
Since adopting CyberLock over 10 years ago, the system has surpassed South Tahoe's needs and expectations. With hundreds of locks, padlocks, and keys currently deployed, South Tahoe has continued to expand their CyberLock hardware and software. Through SCADA and CyberLock, South Tahoe ensures that the public can continue to enjoy drinking, swimming, and recreating in the pristine, beautiful waters surrounding the Lake Tahoe Basin.