confined to what their role designates. Their activities will be recorded and an indelible audit trail will be created. In addition to helping guarantee the integrity of IT systems, this is invaluable for forensics and troubleshooting purposes – and often serves as a deterrent to malicious or unethical behavior. Role-based access can and should be granularly defined to meet CIP and data privacy requirements," Libenson asserts.

"If a utility works within the framework of these best-practices approaches, a robust access control solution will allow for an easier implementation and enforcement of security policy related to privileged accounts. These technologies serve as a centrally controlled application for password management for the hundreds – or even thousands – of systems typically running within a complex, heterogeneous Windows/UNIX/Linux environment," Libenson continues.

"By making it easier to authenticate users and automate access restriction, utilities will be a step closer to a secure infrastructure and complying with the multiple requirements within NERC's CIP regulations," Libenson concluded.

Ceelox is another provider of access control solutions serving the utility industry. The company's biometric security software solutions are used in multiple vertical markets and businesses including utilities.

Securing Utility Assets: The Ways and Means of Critical Infrastructure Protection (Part 2)

"The use of fingerprint biometrics substantially reduces the chance that an unauthorized person could access your computer files, services or networks," says Ceelox's Kass Aiken. "Each user simply authenticates their identity via a fingerprint scanner. This provides a much stronger access authentication than user name and passwords that can be lost, stolen, forgotten or shared – whether accidentally or intentionally. The Ceelox identification solution offers convenient password replacement with the swipe of a finger," Aiken emphasizes.
The Ceelox system is very flexible and has been used by a Florida-based electric utility to create custom features, permitting multiple employees to access the same workstation with fingerprint biometrics while successfully logging into their individual SCADA sessions with different application-level access. In addition, the solution provided roaming user profiles, so that user settings "follow" each person from one workstation to another without the need for reprogramming.

Gregg Larson of Sensus Metering Systems contends that many of the communication systems deployed across the myriad of data conveyance applications in the utility environment use only a single method of encryption or authentication.

"While the method selected is usually closely tied to the level of complexity and standards set forth by relevant governing bodies for

January-February 2009 Issue