What is SCP?
SCP stands for Secure Copy Protocol and is a method for securely copying files between computers over an encrypted connection based on the SSH protocol. It is designed for speed and Security and is often used in management environments.
In OT networks, SCP is used to transfer configurations, log files, or Firmware between Linux-based devices, such as Firewall, Edge Computing, or SIEM servers.
🧠 How does SCP work?
- The user runs the
scpcommand from the client - An encrypted connection is set up via SSH (port 22)
- Files are transferred to or from a remote host
- Authentication is handled via username + password or SSH key
Characteristics:
- CLI-based: fast and scriptable
- Encrypted: protects content and login credentials
- Simple: no additional software required if SSH is available
🏭 SCP in industrial networks
- Uploading Firmware to edge devices or firewalls
- Retrieving log or Audit files from an Engineering Station or Historian
- Automated tasks (via script) for Backup or reporting
- Used within Jump Server or Bastion Host architectures
- Useful for secure transfer in test environments or during commissioning
Example:
scp config.xml user@192.168.0.10:/etc/device/
🔍 SCP vs. SFTP vs. rsync
| Tool | Encrypted | Use | Notes |
|---|---|---|---|
| SCP | ✅ Yes (via SSH) | Simple file transfer | Faster, but less flexible than SFTP |
| SFTP | ✅ Yes (via SSH) | Interactive session + permission management | Most suitable for OT management |
| rsync | ✅ Yes (option -e ssh) | File synchronisation | Efficient for repeated transfers |
🔐 Security aspects
- Always use SSH key authentication where possible
- Restrict SCP access via Firewall or Access Control Lists (ACLs)
- Combine with Logging via SIEM for full audit trails
- Aligned with the requirements of IEC 62443, ISO 27001, provided it is implemented correctly
- Ideally used within defined zones (Purdue Model)
SCP is powerful but should be part of a manageable and auditable access flow.
📌 In summary
SCP is a fast, secure, and simple method for transferring files within OT networks, as long as IT is used within a controlled access and Audit framework.