[CITL] Proposed Network Change - Blocking Inbound 502/TCP Traffic (External to UCR)

Jonathan L Ocab jonathan.ocab at ucr.edu
Tue Jun 7 16:44:50 PDT 2022


To the CITL committee:

Due to the appearance of ICS and SCADA devices on the UCR network with IP addresses that are reachable from the Internet and the resulting security risk, ITS proposes blocking inbound traffic (from the Internet) to UCR networks over port 502 via TCP.

We would like to make this change immediately and look to CITL first to identify any concerns or potential problems for any unit using these devices.

502/TCP is primarily used for MODBUS and is the standard protocol for industrial control systems (ICS) and other supervisory control and data acquisition (SCADA) devices (e.g., monitoring heating, cooling, electrical usage, etc.). Unfortunately, these systems are often misconfigured with default or no security controls. As a result, unauthorized access could be catastrophic to the University.

It is possible that some units on campus allow external vendors access to their ICS/SCADA devices. If your unit allows this access, ITS and the ISO need to know how they are accessing those systems now so alternate access can be provided to those vendors.

Please send any questions and concerns about this proposed change, as well as information about any known vendor access to SCADA devices, to infosecoffice at ucr.edu by end of day Friday, June 10.

Thank you for your attention to this important security matter.


---
Jonathan Ocab | jonathan.ocab at ucr.edu
Manager, Information Security Operations
Information Security Office
University of California, Riverside