Why Is Cybersecurity Crucial in Automation Systems? Introducing Niagara Security Dashboard!

With the explosive growth of digitalization and the Internet of Things (IoT), automation systems have entered a new era. Whether it's large-scale Building Management Systems (BMS) or small JACE + controller installations, devices are increasingly connected beyond closed networks. While remote access boosts operational efficiency, it also introduces serious cybersecurity risks. In today's environment, security is not an optional extra – it's a fundamental requirement.

Why Should We Care About Cybersecurity?

• Expanding Attack Surface: The number of IP-based devices is increasing dramatically each year, giving attackers more entry points than ever before.

• Threat of Internet Search Engines: Search engines like Shodan can reveal poorly configured or unprotected systems in a matter of minutes.

• Motivated Attackers: Cybercriminals are now primarily driven by financial gain – ransomware attacks and data breaches are the norm.

• Obscurity Is Not Protection: Hiding IP addresses or minimizing publicly shared information is no longer sufficient as a defense.

The Balance Between Security and Convenience

Strengthening cybersecurity often involves trade-offs. Simple port forwarding may be convenient, but it poses a significant threat. On the other hand, VPN-based connections might be slightly slower but provide vastly superior protection.

The goal: to strike the right balance between security and user experience.

Essential Cybersecurity Practices

1. Use Factory Security Settings: Never weaken built-in protections for the sake of easier access.

2. Regular Software Updates: Always run up-to-date versions and maintain an active maintenance agreement (e.g., Niagara SMA).

3. VPN-Based Remote Access: Avoid port forwarding; build a secure VPN network instead.

4. Ensure Physical Security: Lock network cabinets and limit physical access.

5. Understand the NIST Cybersecurity Framework: Use international standards when designing protection strategies.

Strengthening Cybersecurity in Niagara 4 Systems

1. Secure Communication with TLS

Fox, Web, Platform Services:

• Set TLS Only mode across all services. For Fox, use the FoxS (Secure Fox) option and disable the unencrypted Fox port.

• For Web service, use HTTPS (default port: 443).

• The use of at least TLS 1.3 is mandatory.

• Cipher suite setting: prefer the "Recommended" group.

  
  
  
  

  Certificates: 

• Preferably use a certificate signed by a Trusted CA.

• If this is not available, at least a self-signed certificate is required for encryption.

2. Strong Passwords and Authentication Rules

Authentication Service Settings:

• Minimum password length: 10 characters.

• Lowercase, uppercase letters, and numbers are mandatory.

• Do not lower the default security levels – raise them instead.

  
  

  Two-Factor Authentication:

• Integrate Google Authenticator where possible.

  
  

3. Managing the Platform System Passphrase

The System Passphrase is responsible for encrypting internal Niagara system data.

• A new passphrase must be set during fresh installations.

• Treat it with the same level of care as user passwords.

4. User Focus: One Account per Person

Main Guidelines:

• Every person should have their own individual account.

• Mandatory password change upon first login.

• Disable concurrent sessions for high-privilege users.

• Use auto-logout after periods of inactivity.

M2M (Machine-to-Machine) Accounts:

• Do not reuse the same M2M credentials across projects.

• Use unique service accounts per site.

Permission Management:

• Use Roles and Category Service to fine-tune access rights.

5. Regular Updates and VPN Usage

Software Maintenance:

• Use LTS (Long Term Support) versions if frequent updates are not feasible.

• Document all update and patch cycles.

Access Protection:

• VPN is mandatory for accessing sites.

• Never use basic port forwarding.

Discover Niagara Security Dashboard!

Niagara Security Dashboard is a service that enables a centralized overview of a Niagara station’s security configuration—whether it’s a Supervisor or a JACE. On newer stations, it comes pre-installed by default, but for older projects, manual installation may be required.

This tool compares your current station settings against Niagara's recommended security best practices, and highlights any deviations through a clear, user-friendly interface.

How to Activate It?

1. Open the Services folder within your Niagara station.

2. Look for the service called Security Service.

3. If it’s not listed, search for it under the “nss” module in the palette(important: searching for “security” will not return this module).

4. If not installed, you’ll need to install the module via the Software Manager, then restart the station.

   
   

What Can You See on the Dashboard?

• Once opened, the Security Dashboard displays:

  • A summary of how many security aspects are being evaluated.

  • Settings are categorized by Alerts, Warnings, and Info levels.

  • You can separately view the security status of the Supervisor, JACEs, and key services like User Service, Web Service, and Fox Service.

  Examples of Common Issues:

  • A superuser named “admin” – not recommended.

  • No auto-logout configured – a potential security risk.

  • HTTPS in use – good, but using a custom signed certificate is recommended over the default one.

  • Host header validation – should be enabled.

  
  

Why Should You Use It?

✅ Simplified overview – No need to memorize every security setting.

✅ Impress clients – A well-maintained system inspires trust.

✅ Prevents mistakes – Helps identify suboptimal configurations.

✅ Free and easy to use – No extra investment or complex setup required.

Important Notes

• The Security Dashboard does not replace cybersecurity-conscious system design.

• Even if everything shows green, that doesn’t guarantee full protection.

• Always complement with strong passwords, network security, regular updates, etc.

Frequently Asked Questions (FAQ)

❓ How can I install Niagara Security Dashboard if it’s missing?

• First, check whether the NSS module is installed.

• If not, use the Software Manager to install it.

• After installation, restart the station, then add the Security Service from the palette.

❓ Does the Dashboard catch all security issues?

• No. It checks the core and recommended security settings in Niagara.

• Full protection requires additional network and physical security measures.

❓ How often should I check the Dashboard?

• Definitely before project handover.

• Also during scheduled maintenance.

• After system updates or configuration changes (new users, network settings, etc.).

❓ What happens if I ignore a warning or alert?

• Some warnings may be minor, but alerts should never be ignored.

• Critical issues may lead to vulnerabilities that malicious actors could exploit.

• 
  

❓ Can I share the Dashboard results with my client?

• Yes! A green status can help build trust with your client.

• It’s a good practice to include a report in project documentation or audits.

  
  

Summary

Cybersecurity is a fundamental requirement for automation systems—especially in BMS solutions. With careful planning, adherence to industry best practices, and regular tool-based reviews, we can ensure long-term system security.

Niagara Security Dashboard is a simple yet powerful tool to support this process.

Start using it today!

(Source: Broudy Precision, SmartNode Kft, Canva)

Feel free to contact us with any questions!

Contact us and become our contracted partner to receive even more valuable information. We provide our partners with additional technical newsletters, programming guides, and ready-made templates for most of the devices we sell.

You can find additional tools that may be useful to you by clicking on one of the links below: