24 Apr

Address your Vulnerabilities in Cyber Security

Address your Vulnerabilities in Cyber Security

Control Engineering recently published the results of their 2014 Cyber Security study. Data was collected from individuals directly involved in their organization’s cyber security efforts. The most alarming results involved threat levels and vulnerability assessments. A quarter of respondents claimed their threat was high and nearly the same amount reported they had never performed a vulnerability assessment.

Cyber security continues to be a hot topic as plant assets become more interconnected. These systems provide huge benefits for optimization and monetary gain. With each new addition or replacement in a plant, safety and security measures should be considered.

Threat levels can’t always be changed. Certain systems must be connected to the internet and some industries are targets simply by existing. For example, power plants are tied to national security. There is no avoiding the threat level and need for security. The good thing is, effective cyber security is out there.

Vulnerability assessments are crucial to defining where the largest threats are at.  When people think of cyber security, they usually consider computer viruses and hackers. While these are very real threats, a vulnerability assessment may bring to light other areas of concern, such as internal threats. The perfect example of this is flash drives. While they may be convenient to use and seem harmless, a person can accidentally transfer a virus with these devices.

Cyber security measures are just as important as plant safety. When systems are at risk, the machines they control may also be at risk. With so much of today’s businesses revolving around cyber data, going without cyber security is no longer an option.

15 May

Securely One Step Ahead

This photo, “Computer Security” is copyright (c) 2014 Intel Free Press and made available under an Attribution 2.0 Generic license

Hackers take all shapes and sizes. Some are as big as the government fears, working for terrorist organizations with the goal of crippling countries or corporations. Others are just looking for personal gain or personal entertainment, tinkering with expensive computer technology to do so. We have posted a few blogs this year talked about cyber security. As more and more information emerges about the vulnerability of industrial control systems, we have seen the necessity to examine our own security measures in order to provide our clients total and complete protection from hackers. It is time that we stay one step ahead of the hackers.

The past few years have seen industry systems hacked in record numbers. While this is a new problem, it stands to reason that any system that has the potential to be hacked should have some serious protection. Think about the two most common personal computer operating systems – Windows and iOS. Most hackers targeted Windows, allowing the iOS system to maintain a reputation of cyber security. However, one of the reasons why Microsoft was so popular for viruses and hackers was simply because more people had a Windows operating system, providing hackers a larger target. Today, even Apple is not immune to security pitfalls. The only way to ensure the operations controlled through any computerized program remain secure is to have optimal cyber security as well.

Cyber security needs to move on from simply protecting the information on personal computers. We now live in a world where we have to ask ourselves, what would happen if someone hacked into an energy plant? What damage could someone cause by hacking into a food processing plant?

We pride ourselves with our ability to provide safe operating systems for our clients using our SORA system. Even so, we are constantly looking for new ways to improve our security system. Hackers will always be looking for ways to break through the current security systems. This only means that we need to strive to stay one step ahead of them.

 

 

06 Mar

Prepare for Cyber Security in 2013

Prepare for Cyber Security in 2013

According to a recent newsletter from Invensys, responses to cyber-attacks on America’s critical infrastructure by the Industrial Control Systems – Cyber Emergency Response Team (ICS-CERT), a department of Homeland Security, rose by 52 percent in 2012. The biggest target was energy firms, accounting for 40 percent of attacks. Also on the list of industry sectors that fell victim to cyber-attacks in 2012 are the water sector, oil and natural gas sectors, nuclear sectors and chemical organizations. The frequency of these attacks is expected to increase, making the cyber security of America’s infrastructure firms paramount.

Using the internet can often be a necessary evil. One the one hand, it allows people to communicate instantly across countries any time of day. In our world, where entire businesses can be created and maintained online, these same businesses can be taken over by hackers with malicious intent.

Control systems devices that are directly connected or controlled through the internet are of particular concern to ICS-CERT, as malicious control over these systems could have catastrophic consequences. Consider a simple boiler, with control systems that enable a delicate combustion process to safely produce steam. If something happened to the formula, or if the burner or fan cannot be turned off when they need to, serious injury can result to the boiler and to plant employees.

This issue is so serious, the United States has an entire division, the National Cyber Security Division, to protect the U.S. from and fight against cyber-attacks. Cyber security is a national security issue, with recent news reports claiming The New York Times was hacked by Chinese hackers. In 2012, Iran is allegedly responsible for a large number of cyber-attacks against major U.S. banks. Cyber security is now more than simply guarding files or even guarding a business. Increasingly, cyber security is essential for protection against terrorist, be they local or abroad.

The looming question, then, is what to do at your business. The first step is to have solid policies and procedures in place that every employee is trained in. About 25 percent of malware attacks came from USB drives. In addition, no matter how much money you throw at cyber security, none of it matters if you don’t have employee compliance. Making sure procedures are in place and are followed can be greater security than any program you pay for.

Securing your control systems is also crucial. This can be done through remote support systems, such as our diagnostic support we provide, code named SORA. In this way, the internet connection used by the control systems is no longer your responsibility. It is the responsibility of the remote support provider. With such a system in place, even if malicious software makes it onto your business computers, it won’t be able to access your control systems and a certain amount of safety can be maintained.

Another great cyber security tip is what the Invensys newsletter calls “defense in-depth” security. This type of security involves have multiple security programs working on one system, where one programs vulnerability is made up for by having an additional program that does not have that vulnerability.

Lastly, secure passwords are a must. Someone with malicious intent has no need to use viruses or hacking software if they know the password they need to gain access to the system. Some sites, like Facebook and Google, are catching on. Facebook provides the option to have a text sent to the profile owner’s cellphone whenever an unauthorized computer accesses the account, allowing people to act quickly if they are not the ones accessing the profile. Google has an optional two step security measure on their email. After typing in the correct password, Google sends a secret code to the account holder’s cell phone. The number must be entered to access the account.

Even Apple can no longer claim its devices are spared from viruses and hackers. In the coming weeks, Synergy will be exploring the most popular free and paid security programs for computers and smartphones.

What type of security do you have at your home or business? Do you have any concerns going into 2013?