Blog Post

Why OT Cybersecurity Can’t Wait

Select Dynamic field

The industrial landscape is evolving. The industrial internet of things (IIoT), artificial intelligence (AI), and advanced data analytics are unlocking new levels of efficiency and productivity. They’re also introducing a new, complex set of challenges for operational technology (OT) cybersecurity. Cyberattacks are becoming more sophisticated, targeting everything from power grids to water treatment facilities.

It's no longer a question of “if” but “when.” Let’s look at some common hurdles to prioritizing OT cybersecurity and explore how a partnership with Champion can help.

Challenges

"Implementing new security measures will disrupt operations or lead to excessive downtime."

By working collaboratively with your team to understand your processes and needs, we will develop a phased approach that integrates seamlessly and minimizes disruption. Ongoing support from our team will bring continuity from implementation to maintenance, ensuring smooth operation.

"Our legacy systems aren’t compatible with modern security tech."

We understand the challenges of securing legacy systems. Our team employs a layered security approach– including network segmentation and access control– to strategically mitigate risk.

"We don’t have the time or resources to design, implement or maintain new cybersecurity measures."

The global cybersecurity talent gap makes building and keeping a top-tier in-house team a constant uphill battle. Partnering with a dedicated solution provider like Champion offers a scalable solution. From meeting compliance standards to implementing cutting-edge tech and innovative strategies, our expert team has you covered.

"Cybersecurity solutions seem expensive, and the return on investment (ROI) isn't always clear."

The cost of a successful cyber attack can be astronomical– encompassing operational disruption, financial loss, and enduring reputational damage.

Recovering a single GB of data from a ransomware attack cost an average of $53,000 in 2023.*

Our risk-based approach and tailored solutions provide measurable improvement in your security posture and maximize your ROI.

The Takeaway

Industrial organizations can no longer afford to overlook cybersecurity. With the ever-evolving threat landscape, a robust security posture is essential for protecting critical infrastructure, ensuring operational continuity, and safeguarding valuable data. Our team is here to keep your operations running safely and securely so you can focus on what you do best.

Contact us today for a free consultation. Together, we can build a more secure future for your organization.

*The Global OT & IoT Threat Landscape Assessment and Analysis Report, Sectrio, 2024

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

solution brief

Asset Management

download

More Posts

Read More
Blog Post

Network Segmentation to Enhance OT Cybersecurity

Select Dynamic field

The proliferation of digital interconnectivity has yielded an ever-expanding attack surface for critical infrastructure and industrial organizations. Securing these operational technology (OT) systems is paramount to maintaining the integrity, safety, and reliability of operations.

What is Network Segmentation?

Network segmentation involves dividing a network into smaller, isolated segments or subnets, each with its own access controls and security measures. Limiting access to sensitive areas effectively minimizes the attack surface, inhibits the mobility of potential threat actors, and prevents the spread of malware across a network.

6 Key Strategies

1. IT/OT Alignment

Collaboration between IT and OT teams is essential for effective planning and implementation of a network segmentation strategy. This may include employee training and awareness initiatives to ensure all stakeholders understand the importance and benefits of segmentation.

2. Identify Critical Assets

Identifying the most critical assets within your OT environment allows you to prioritize their protection, informing a phased implementation approach that minimizes disruption.

3. Network Mapping

A comprehensive discovery and visualization of all entities linked to a network enables teams to better understand data flows, identify vulnerabilities, and simplify monitoring.

4. Define Network Zones

The segmentation plan should group systems with similar security needs into zones and define strict rules for data movement between them.

5. Implementation

Implement the plan with minimal operational disruption by employing a phased approach, gradually rolling out segmentation measures while closely monitoring the impact on operations.

6. Monitor and Maintain

Continuous monitoring of network activity and segment health, regular updates to security protocols, and routine audits ensure your segmentation strategy remains robust over time.

The Takeaway

In an era where cyber threats are becoming increasingly sophisticated, network segmentation is a vital strategy for securing OT environments. By dividing your network into manageable, secure segments, you can protect critical systems, ensure regulatory compliance, and maintain operational resilience.

Contact us today to discuss segmentation strategies tailored to your organization's needs.

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

solution brief

System Hardening

download

More Posts

Read More
Blog Post

Securing Legacy OT Systems

Select Dynamic field

Legacy operational technology (OT) systems are still heavily relied on by much of the industrial and critical infrastructure sectors. As digital transformation becomes the new norm, these legacy systems present complex challenges to implementing vital cybersecurity measures.

The Challenge

Legacy systems may include components that are decades old– meaning their designs never accounted for modern cyberthreats and the implications of digital convergence.

As these systems reach end-of-life (EOL), lack of updates and patches, discontinuation of vendor support, and incompatibilities with emerging tech compound the risk of critical disruption.

Best Practice Solutions

Network Segmentation

By isolating critical systems, you can reduce the spread of cyberattacks and limit the potential impact of security breaches.

Cybersecurity Audits

Regular reviews of cybersecurity policies and controls can identify vulnerabilities, ensure regulatory compliance, and uncover inefficiencies.

Access Control

Enforcing strong authentication, authorization, and accountability mechanisms ensure only the necessary personnel have access to critical systems.

Incident Response Planning

Developing and routinely testing an incident response plan enables the efficient identification and mitigation of cyber incidents.

The Takeaway

Integrating new tech into legacy OT systems can seem daunting, but with an informed understanding of the risks and a commitment to implementing best practices, you can protect your organization’s critical systems and stay competitive in the digital age of industry.

Contact us today to learn how Champion can help your organization reach resilience.

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

solution brief

Disaster Recovery

download

More Posts

Read More
Blog Post

Software Update: Windows DCOM Changes

Select Dynamic field

At a Glance:

  • Distributed Component Object Model Remote Protocol (DCOM) is used for communication between applications running in a Windows environment
  • Microsoft released a Windows update to harden DCOM
  • This update poses risks to ICS applications dependent on DCOM

What's Happening

In June 2021, in response to a security vulnerability, Microsoft released a Windows update (KB5004442) to harden the DCOM component of Windows. Organizations should be aware that many industrial control system applications utilize DCOM protocols. This update can impact the ability of networked devices to communicate, resulting in effects such as the inability to use HMI or SCADA software, or loss of historical tag data.

Some impacted applications include: RSLogix 5/500/5000, RSLinx Classic, FactoryTalk applications, ThinManager, and KEPServer Enterprise.

Champion recommends that organizations review their installed software for use of DCOM and the potential impact of this update. Most ICS software vendors have published information on their affected software as well as possible mitigations for any impacts from applying these updates. For actively maintained software, vendors are working to deliver patches for their software to work with the update. Until these patches are available, it will be necessary to either postpone installation of the Windows updates or apply mitigations to disable the new DCOM hardening features. Be aware, however, that if the Windows updates are installed, it will not be possible to disable the DCOM hardening features after March 14, 2023.

We’re Here to Help

Champion can work with you to help you decide which Windows updates are appropriate to install and deliver those updates to your critical ICS systems. Champion can also provide recommendations on working with software that may no longer be supported by the vendor or assist you with planning upgrade paths. Finally, when things do break, Champion can assist with recovery. We will continue to monitor the situation and be prepared to keep our clients informed.

Wondering if your applications are vulnerable? Contact an expert today.

Additional information on these changes can be found here: Microsoft.com Support, Microsoft.com MSRC

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

solution brief

DCOM Hardening

download

More Posts

Read More
Blog Post

3 Ways to Mitigate Risk Through Training

Select Dynamic field

Are your operators prepared in the event of an abnormal process situation? Do they know how to actively (and appropriately) respond to alarms?

Mitigate your facility’s risks by providing your operators with training opportunities that improve user confidence and decrease response time to abnormal situations, resulting in using your workforce’s time more effectively.

How, you ask? By empowering your operators by providing them hands-on experience with your specific control system in an isolated/controlled environment, simulating an array of abnormal scenarios that you can’t effectively achieve on-process – and doing so conveniently at your facility or one of Champion’s nearby locations.

Step 1: Identify Risk Areas & Practice Responding

Take a minute to imagine any or all “worst case” scenarios your facility could one day face – that if not handled properly could result in a Health & Safety event, equipment failure, or simply a loss of production. It sounds pretty ominous! But it doesn’t have to. Knowing what these situations are is the first step to mitigating risk and effectively responding – without hesitation and without panic.

Your scenarios typically don’t need to go so far as a “doomsday apocalypse” – often something as simple as a failed sensor or an unrecognized alarm could present risks with untrained personnel.

This is where Champion comes in – to create a “twin” of your control system and operating environment. In this simulated environment, we can introduce any number of scenarios, teaching first how to identify the risk and then how best to respond.

Step 2: Stop “Snoozing” That Alarm

We’ve all done it from the comfort of our bed – “snoozing” that daily alarm for “just a few more minutes.” Regularly doing the same with control system alarms may be an indication you are due for an assessment by one of Champion’s Alarm Management specialists – but that is a topic for another day!

Training your personnel how to properly identify, evaluate, and respond to alarms and responding to abnormal situations in your facility is a big part of mitigating risks. Using the same example of your control system “twin,” Champion can effectively train users based on your process environment. Each possible abnormal scenario can be triggered in a no-risk environment – with users learning in each case how to respond to an abnormal situation in a timely or correct manner.

Step 3: Work Smarter, Not Harder

Training your workforce shouldn’t be a major undertaking – it should be a well-coordinated, preplanned, and efficient use of your personnel’s time. Champion values these goals for all clients, whether providing on-site training at your facility or at one of our strategically located facilities.

  • Do you have new personnel or a new facility?
  • Is your existing facility undergoing a control system upgrade?
  • Do your technical personnel want more flexibility to perform system updates and modifications?

There are plenty of scenarios in which your workforce may benefit from Champion-tailored training solutions for operators, maintenance, and technical personnel. Whether getting everyone up to speed on a new system, comparing changes between a legacy and new system, or learning how to stay agile in the onsite maintenance & updates your site might require.

Contact us today to learn more.

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

more on our website

Functional Safety

visit the page

More Posts

Read More
Blog Post

Choosing the Right Control System for Your Facility

Select Dynamic field

Is your control system approaching its end-of-life product lifecycle?
Does your system rely on replacement parts that are increasingly harder to find?
Is it difficult to find personnel experienced with your control system?
It may be time to upgrade.

How do you choose the right system?

When you have identified that it’s time to upgrade your control system, you want to explore all the options that are available to you. It is especially important to find a control system that best fits your application. For example: if you need to upgrade a controller, you will avoid upgrading the entire control system.

Some manufacturers’ control system platforms offer a variety of upgrade and migration solutions and strategies. For some end users, there are migration strategies that may be a better solution than a complete upgrade. In other cases, a complete system upgrade may be the answer. Most of the time the best solution is somewhere in between. Understanding your unique needs and expectations is vital to choosing the proper system. This can be a challenging task if you don’t have the required information.

Some things to consider:

  • Lifecycle of Existing Assets
  • Pros/Cons of Technology Solution Options
    • Evaluated by an unbiased party with hands on experience
    • How will the technology solution better enable you to meet industry requirements and best practices such as safety and cybersecurity (ISA, NFPA, CISA)?
  • Feasibility and Impact of the Solution
    • Technology solution and strategy
    • Potential downtime and risk mitigation
  • Maintenance and Support
    • Effort required to maintain the system
    • Training of staff to maintain the system
    • Identify established partners to provide timely support
  • Total Cost of Ownership
    • Evaluated by an unbiased party with hands on experience

We’re here to help.

Champion understands the challenge of a new system meets your requirements, and how it will function or grow for your future needs. Our team specializes in leading clients through the process of choosing a control system that is right for their specific needs – and their budgets. As part of our process, we will work with your team to define your goals and expectations, conduct an assessment, and recommend the best, unbiased solution that aligns with your goals. Bring your control system from the past into the present, while you plan for the future.

Contact us today for an assessment to plan your systems roadmap.

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

more on our website

Industrial Automation

visit the page

More Posts

Read More
Blog Post

Champion Celebrates 20 Years

Select Dynamic field

What started out as a two-person endeavor in late 2000, steadily matured into a team of 125 people across the country in 2020. Champion has achieved amazing milestones – growing one office into nine, being part of the LSU Top 100, being named Control Engineering’s Systems Integrator Giant, and achieving steady growth year-over-year.

An incredible milestone: 20 years in business

None of this would have been possible without our dedicated team, continual process improvement, and of course – our clients. We are thankful and humbled by our clients’ unwavering dedication!

Through the years, Champion has made strategic adjustments to generate a culture that inspires and empowers talented individuals to make the world a better place through technology. By always staying at the forefront of technology and investing in our team’s professional growth, our clients realize the benefits in their day to day operations.

Whether implementing a control system upgrade, designing a new installation, assessing cybersecurity gaps, improving a facility’s safety systems, or enabling secure remote access for a full suite of OT Managed Services – our commitment to excellence remains steadfast.

At Champion, we believe the success of our clients is a direct reflection of our own efforts and successes. That’s why we will continue to provide the best solutions available at any given time. Independent of any equipment manufacturer or technology platform, our experts partner with you to evaluate needs, make recommendations, and execute the rollout that brings the most value to your facility.

From all of us at Champion, we thank you for trusting in our team to provide the solutions and systems that best achieve your goals. We look forward to the next 20 years, as we continue to grow together.

Contact us today to learn more.

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

MORE ON OUR WEBSITE

About Us

visit the page

More Posts

Read More
Blog Post

Is Remote Access to Your Control System Safe?

Select Dynamic field

Anytime a new conduit to an ICS network is created – especially one which transits the internet – there is inevitable trepidation about the potential security risks it might create. So, when we talk about creating a tunnel from your network into the cloud, you’re going to have mental alarms going off. This article will describe how Champion keeps your network secure while providing unprecedented levels of service and support.

The Cloud Zone

A security zone is created in the cloud specifically for you. Here, it serves as an extension of the Demilitarized Zone (DMZ) of your control system. The same security concepts that apply to your DMZ apply here as well.

There are only two paths in and out of your cloud zone:

  • The Tunnel, as defined below, to your on-premises DMZ.
  • Dedicated secure route to our portal servers to enable the features provided by our managed service offering.

These paths are restricted by routing and firewall rules to pass only the authorized data.

No windows administrative connections (RDP, WMI, RPC, and other evil acronyms) can be made from outside the DMZ and cloud zones. All administrative activity happens within the cloud zone via hosted desktop sessions. These sessions are delivered using virtual desktop presentation technologies so that only the video stream leaves, and only keyboard and mouse commands enter. No proprietary data or external threats can be transferred via either cloud path.

The Tunnel

In order to connect your site to the cloud, a tunnel must be created. This tunnel is built using the best available VPN protocols. Like most tunnels, its job is to keep the good things in and the bad things out.

This includes:

  • Ensuring that only your DMZ can connect to the cloud zone and only the cloud zone can connect to your DMZ.
  • Encrypting the data so that it cannot be monitored by outside forces.
  • Ensuring the data stays intact from one end to the other.

The Eyes

It’s often stated that if you can’t see it, you can’t secure it. To ensure your network stays safe, it’s vital to have eyes on the traffic that’s going through it. Like a building with door sensors, motion detectors, smoke detectors, security cameras, and a remote monitoring service, Champion can be your partner in notifying you in real-time of any abnormal activity.

  • Intrusion Detection Systems (IDS) designed with OT networks in mind are deployed for your network. These are strictly passive systems that merely sound the alarm if a potential compromise is detected.
    IDS sensors are installed in strategic locations to passively monitor as much of the traffic on your network as possible.
  • Firewalls guard all the border crossings of your network. Anyone without the right credentials cannot get through.
  • End devices are protected with antivirus software. This blocks malware which makes it to a computer and sends out alerts.
  • A Security Information and Event Management (SIEM) server collects real-time data from all these safeguards and more and presents them to Champion’s monitoring team.
  • Should an event occur, we’ll notify you immediately. If you authorize it, we can also take action to mitigate any threat per your Incident Response Plan.

The Result

While opening a tunnel between your network and the cloud might sound scary, using the proper technology and partner allows your network and OT assets to be safer than ever. Not only will you be better protected from security threats, but now we can even alert you to process issues before they become big problems.

Remote support engineers can respond even quicker and without introducing you to unnecessary risks like VPN connections from untrusted computers, unmonitored persistent virtual desktop access, or cellular modems.

Contact us today to schedule a no-cost consultation today.

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

more on our website

Digital Transformation

visit the page

More Posts

Read More
Blog Post

The Top 5 Differences Between IT and OT

Select Dynamic field

While everyone is familiar with the term “IT” (Information Technology), the term “OT” (Operational Technology) is far less familiar to the general public. That is not to say OT is newly emerging; quite the opposite. Over the last two decades, IT and OT have begun to converge. You’ve likely heard terms like “IIoT” (Industrial Internet of Things) or “Industry 4.0.” But there are unique differences that set OT apart from IT.

Production

While IT is extremely important at the corporate (or “Enterprise”) level, OT is the livelihood of any facility. The mission of any OT system is to achieve the greatest production output with the least amount of downtime possible.

Since production is the livelihood of any industrial facility, so too are the operational systems that keep them moving. Loss of production for any reason has a direct impact on a company’s bottom-line. Whether due to an outdated, unreliable platform, poor configuration, unprepared support staff, or insecure technology allowing for system breaches – many factors can affect production. Be sure to utilize an OT specialist with the experience to reach your maximum production output.

Safety

IT and OT must both be vigilant in mitigating security risks. However, IT’s risks generally lend themselves to trade secrets and corporate accountability. OT’s risks can be much more tangible: Unsafe operating conditions or monitoring can result in health and safety issues such as fatalities or environmental catastrophes.

In past years, many have taken the “air gap” approach to securing their OT control systems – keeping any production equipment separated from Internet-connected Enterprise equipment. In theory – and in a time before flash drives and smartphones – this was enough to mitigate operational risks. But, as consumer technologies emerged, so too did many large-scale security breaches affecting Industrial Control Systems.

Air gapped systems that were not physically connected to the Internet would run on outdated security patches because they were seemingly “secure.” With the advent of devices like flash drives and smartphones, however, control systems around the globe became vulnerable. Cyber-attacks could now halt production, disable critical safety systems, or result in catastrophic loss simply by altering production readings.

Having a team of Globally Certified Cybersecurity Experts at your fingertips is now vital for any industrial environment.

Skillset

While the fundamental principles of IT networks are shared with OT networks, Industrial Control Systems require a much more specialized set of skills to implement and maintain. For starters, the very environment of each are vastly different. IT networks are often climate-controlled in office environments, whereas OT networks can be exposed to extreme elements and process environments.

More importantly, what sets OT professionals apart is their knowledge of how to implement specific industry processes, using a range of industrial controls across multiple platforms. Lastly, they must use this knowledge to make everything communicate in an efficient, reliable, and intuitive manner.

With vast experience across numerous industries, platforms and technologies, Champion’s OT professionals deliver on this expertise.

Cost of Ownership

The natural lifecycle of IT versus OT lends itself to completely different budget approaches. While IT environments typically change every 12-18 months, OT environments can last 10-15 years or more – if they are properly designed and maintained. Therefore planning for Total Cost of Ownership (TCO) takes not just different expertise but also a different approach and methodology to achieve a comprehensive cost.

The key to enabling Industrial Control Systems for the extended durations is proper maintenance and support. In addition to cybersecurity risk mitigation, including budgetary funds for preventive maintenance and support is essential in any OT environment. As a system ages, it is key to provide regular security patches, scheduled backups, and a supply of spare parts to achieve the greatest production output.

Champion’s knowledge of these items, paired with our 24UP® Solutions, allow customers to tailor specific needs into one easily-predictable budgetary plan.

Compliance

Whether for the safety of workers, surrounding communities, or the environment, compliance standards are often far more stringent on OT systems. Federal and state agencies regularly monitor and regulate industrial processes due to their inherent ability to impact the community at large.

Another unique difference between IT and OT is the types of compliance each must meet. Industrial Control processes are typically subject to far more scrutiny due to their ability to impact more than a corporate entity; if improperly maintained, a process can harm employees, communities, or the environment. For this reason, it is imperative that OT systems function correctly and reliably.

OT networks continuously monitor process stages, operating temperatures and pressures, environmental emissions, leaks, or any other number of factors associated with the facility. Having reliable systems in place not only raise overall safety. They allow companies to provide real-time or historic reporting to compliance agencies, such as the EPA, DEQ, FDA, or OSHA.

Champion engineers and professionals hold the experience necessary to implement the reliable OT systems our customers demand.

Contact us today to schedule a no-cost consultation!

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

more on our website

Industrial Automation

visit the page

More Posts

Read More
Blog Post

3 Reasons an “Air Gap” is Not Good Enough

Select Dynamic field

Is an Air-Gap “Good Enough” to keep your Industrial Control System secure? Short answer: No. And here’s why…

“Security by isolation” or air-gapping previously worked in Operational Technology (OT) environments when OT and IT were completely isolated from one another. Many older systems based on PLC’s and SCADA were built without cybersecurity in mind. OT and IT are now converging as organizations embrace the digital transformation, and security experts are now declaring the air gap dead as security by isolation is not a long-term solution for protecting OT assets.

Air Gapping an OT system has very limited value in today’s constant technological advances. It can no longer be used as a sole security solution in the long term for three reasons:

  • It causes organizations to miss out on valuable data.
  • It is more costly and difficult for maintenance and repairs.
  • It is more prone to security breaches than a “connected” OT system.

Missing out on Data

While air-gapped OT systems can minimize risks, organizations are not able to benefit from the highly valuable data these systems generate. Data analyzed in real time can provide business intelligence to cut costs, reduce downtime, and improve efficiency. These opportunity costs outweigh air-gapping as a viable cyber security measure.

Higher Maintenance Costs

Maintaining air-gapped OT systems are more expensive and difficult because the engineering tools of a connected system cannot be used to perform routine maintenance or troubleshoot problems. It also limits the system from secure remote support by technical experts. Without remote access, facilities experience higher support costs and increased downtime. The reality is that even a properly air-gapped system is not completely protected; Every system is a potential breach target, and even air-gapped systems can be infiltrated. Organizations must engage in active monitoring and security measures to mitigate the risks.

Reduced Security

Air Gaps can be physically breached by a third-party networked laptop, USB drive, removable media, smartphone, or other devices. Allowing OT systems to connect with these devices creates vulnerabilities that air gapping cannot protect against. Air gapping makes it difficult for users to move back and forth between the air-gapped device and network-connected devices. For ease of use, an individual may use an unsecure USB drive to transfer data which could compromise an air-gapped system.

OT infrastructure is only as secure as the user operating the devices. An openly accessible USB port can serve as an entry route for malware. Smartphones provide another convenient route to cross air gaps when switched to Wi-Fi hotspot mode. The Wi-Fi hotspots can also be used as an entry point by hackers or those with ill intentions. 

90+% of randomly found USB drives are picked up by the casual person and more than half are plugged into a PC.
Source: Kapersky

Why your OT control systems can’t afford cybersecurity shortcuts:

OT cyber-attacks are more dangerous in nature. An OT attack can pose risks to operational and safety systems, employees, plant, and environment. Because the outcome of an OT cyber-attack is more catastrophic, it is essential that organizations prioritize cybersecurity. While air gapping provides some security, it is not the best option to select in the competitive marketplace.

Air gapped control systems are also more vulnerable because they don’t receive the latest Windows security patches easily, therefore are usually neglected. As new virus threats emerge, the OT system will likely be unprotected, unlike its Enterprise counterpart.

We must accept the fact that air gapping as a security control is no longer a valid option. IT and OT will continue to converge leaving air gapping to be useless. Facilities should take advantage of the opportunities from integrated technologies to reduce costs and downtime while improving efficiency. While doing so, they must prioritize OT security to lessen the risk and still capitalize on the advantages of a connected IT and OT world.

Contact us today to schedule a no-cost consult today.

Let's collaborate.

Schedule a no-cost consultation today.

 Contact an expert

more on our website

Industrial Cybersecurity

visit the page

More Posts

Read More