In June 2021, in response to a security vulnerability, Microsoft released a Windows update (KB KB5004442) to harden the DCOM component of Windows. Organizations should be aware that many industrial control system applications utilize DCOM protocols. This update can impact the ability of networked devices to communicate, resulting in effects such as the inability to use HMI or SCADA software, or loss of historical tag data.

Some impacted applications include: RSLogix 5/500/5000, RSLinx Classic, FactoryTalk applications, ThinManager, and KEPServer Enterprise.

Champion recommends that organizations review their installed software for use of DCOM and the potential impact of this update. Most ICS software vendors have published information on their affected software as well as possible mitigations for any impacts from applying these updates. For actively maintained software, vendors are working to deliver patches for their software to work with the update. Until these patches are available, it will be necessary to either postpone installation of the Windows updates or apply mitigations to disable the new DCOM hardening features. Be aware, however, that if the Windows updates are installed, it will not be possible to disable the DCOM hardening features after March 14, 2023.

We’re Here to Help

Champion can work with you to help you decide which Windows updates are appropriate to install and deliver those updates to your critical ICS systems. Champion can also provide recommendations on working with software that may no longer be supported by the vendor or assist you with planning upgrade paths. Finally, when things do break, Champion can assist with recovery. We will continue to monitor the situation and be prepared to keep our clients informed.

Wondering if your applications are vulnerable?

Additional information on these changes can be found here: Microsoft.com Support, Microsoft.com MSRC

Are your operators prepared in the event of an abnormal process situation?

Do they know how to actively (and appropriately) respond to alarms?

Mitigate your facility’s risks by providing your operators with training opportunities that improve user confidence and decrease response time to abnormal situations, resulting in using your workforce’s time more effectively.

How, you ask? By empowering your operators by providing them hands-on experience with your specific control system in an isolated/controlled environment, simulating an array of abnormal scenarios that you can’t effectively achieve on-process – and doing so conveniently at your facility or one of Champion’s nearby locations.

STEP 1: IDENTIFY RISK AREAS & PRACTICE RESPONDING

Take a minute to imagine any or all “worst case” scenarios your facility could one day face – that if not handled properly could result in a Health & Safety event, equipment failure, or simply a loss of production. It sounds pretty ominous! But it doesn’t have to. Knowing what these situations are is the first step to mitigating risk and effectively responding – without hesitation and without panic.

Your scenarios typically don’t need to go so far as a “doomsday apocalypse” – often something as simple as a failed sensor or an unrecognized alarm could present risks with untrained personnel.

This is where Champion comes in – to create a “twin” of your control system and operating environment. In this simulated environment, we can introduce any number of scenarios, teaching first how to identify the risk and then how best to respond.

STEP 2: STOP “SNOOZING” THAT ALARM

We’ve all done it from the comfort of our bed – “snoozing” that daily alarm for “just a few more minutes.” Regularly doing the same with control system alarms may be an indication you are due for an assessment by one of Champion’s Alarm Management specialists – but that is a topic for another day!

Training your personnel how to properly identify, evaluate, and respond to alarms and responding to abnormal situations in your facility is a big part of mitigating risks. Using the same example of your control system “twin,” Champion can effectively train users based on your process environment. Each possible abnormal scenario can be triggered in a no-risk environment – with users learning in each case how to respond to an abnormal situation in a timely or correct manner.

STEP 3: WORK SMARTER, NOT HARDER

Training your workforce shouldn’t be a major undertaking – it should be a well-coordinated, preplanned, and efficient use of your personnel’s time. Champion values these goals for all clients, whether providing on-site training at your facility or at one of our strategically located facilities.

• Do you have new personnel or a new facility?
• Is your existing facility undergoing a control system upgrade?
• Do your technical personnel want more flexibility to perform system updates and modifications?

There are plenty of scenarios in which your workforce may benefit from Champion-tailored training solutions for operators, maintenance, and technical personnel. Whether getting everyone up to speed on a new system, comparing changes between a legacy and new system, or learning how to stay agile in the onsite maintenance & updates your site might require.

Want to learn more?

Is your control system approaching its end-of-life product lifecycle?
Does your system rely on replacement parts that are increasingly harder to find?
Is it more difficult to find or hire personnel who have experience with your control system?
It may be time to upgrade. But – How to choose the right system?

When you have identified that it’s time to upgrade your control system, you want to explore all the options that are available to you. It is especially important to find a control system that best fits your application. For example: if you need to upgrade a controller, you would avoid upgrading the entire control system.

Some manufacturers’ control system platforms offer a variety of upgrade and migration solutions and strategies. For some end users, there are migration strategies that may be a better solution than a complete upgrade. In other cases, a complete system upgrade may be the answer. Most of the time the best solution is somewhere in between.

How would you go about choosing which solution or strategy is right for your application? Maybe your company is standardizing on a single platform, which simplifies your options. But sometimes the field of options is wide open.

Understanding your unique needs and expectations is vital to choosing the proper system. This can be a challenging task if you don’t have the required information.

When choosing your control system, you should think about:

Lifecycle of Existing Assets

Pros/Cons of Technology Solution Options

• Evaluated by an unbiased party with hands on experience
• How will the technology solution better enable you to meet industry requirements and best practices such as safety and cybersecurity (ISA, NFPA, CISA)?

Feasibility and Impact of the Solution

• Technology solution and strategy
• Potential downtime and risk mitigation

Maintenance and Support

• Effort required to maintain the system
• Training of staff to maintain the system
• Identify established partners in order to provide timely support

Total Cost of Ownership

• Evaluated by an unbiased party with hands on experience

Champion understands the challenge of a new system meets your requirements, and how it will function or grow for your future needs. Our team specializes in leading clients through the process of choosing a control system that is right for their specific needs – and their budgets. As part of our process, we will work with your team to define your goals and expectations, conduct an assessment, and recommend the best, unbiased solution that aligns with your goals. Bring your control system from the past into the present, while you plan for the future. Contact us today for an assessment to plan your systems roadmap.

Want to learn more about Champion?

Champion Technology Services, Inc. is an industrial control systems integrator that provides OT services across the United States and abroad. Our team includes ISA/IEC 62443 Cybersecurity Experts and GICSP (Global Industrial Cyber Security Professional)-certified professionals in the latest NIST standards. We help small, medium, and large companies assess their existing control systems and implement protocols that meet their facility’s requirements while maintaining our status as an unbiased third-party solution provider.

Champion Technology Services, Inc. is celebrating an incredible milestone: 20 years in business.

What started out as a two-person endeavor in late 2000, steadily matured into a team of 125 people across the country in 2020. Champion has achieved amazing milestones – growing one office into nine, being part of the LSU Top 100, being named Control Engineering’s Systems Integrator Giant, and achieving steady growth year-over-year.

None of this would have been possible without our dedicated team, continual process improvement, and of course – our clients. We are thankful and humbled by our clients’ unwavering dedication!

Through the years, Champion has made strategic adjustments to generate a culture that inspires and empowers talented individuals to make the world a better place through technology. By always staying at the forefront of technology and investing in our team’s professional growth, our clients realize the benefits in their day to day operations.

Whether implementing a control system upgrade, designing a new installation, assessing cybersecurity gaps, improving a facility’s safety systems, or enabling secure remote access for a full suite of OT Managed Services – our commitment to excellence remains steadfast.

At Champion, we believe the success of our clients is a direct reflection of our own efforts and successes. That’s why we will continue to provide the best solutions available at any given time. Independent of any equipment manufacturer or technology platform, our experts partner with you to evaluate needs, make recommendations, and execute the rollout that brings the most value to your facility.

From all of us at Champion, we thank you for trusting in our team to provide the solutions and systems that best achieve your goals. We look forward to the next 20 years, as we continue to grow together.

Want to learn more about Champion?

Champion Technology Services, Inc. is an industrial control systems integrator that provides OT services across the United States and abroad. Our team includes ISA/IEC 62443 Cybersecurity Experts and GICSP (Global Industrial Cyber Security Professional)-certified professionals in the latest NIST standards. We help small, medium, and large companies assess their existing control systems and implement protocols that meet their facility’s requirements while maintaining our status as an unbiased third-party solution provider.

Anytime a new conduit to an ICS network is created – especially one which transits the internet – there is inevitable trepidation about the potential security risks it might create. So, when we talk about creating a tunnel from your network into the cloud, you’re going to have mental alarms going off. This article will describe how Champion keeps your network secure while providing unprecedented levels of service and support.

The Cloud Zone

A security zone is created in the cloud specifically for you. Here, it serves as an extension of the Demilitarized Zone (DMZ) of your control system. The same security concepts that apply to your DMZ apply here as well.

There are only two paths in and out of your cloud zone:

• The Tunnel, as defined below, to your on-premises DMZ.
• Dedicated secure route to our portal servers to enable the features provided by our managed service offering.

These paths are restricted by routing and firewall rules to pass only the authorized data.

No windows administrative connections (RDP, WMI, RPC, and other evil acronyms) can be made from outside the DMZ and cloud zones. All administrative activity happens within the cloud zone via hosted desktop sessions. These sessions are delivered using virtual desktop presentation technologies so that only the video stream leaves, and only keyboard and mouse commands enter. No proprietary data or external threats can be transferred via either cloud path.

The Tunnel

In order to connect your site to the cloud, a tunnel must be created. This tunnel is built using the best available VPN protocols. Like most tunnels, its job is to keep the good things in and the bad things out.

This includes:

• Ensuring that only your DMZ can connect to the cloud zone and only the cloud zone can connect to your DMZ.
• Encrypting the data so that it cannot be monitored by outside forces.
• Ensuring the data stays intact from one end to the other.

The Eyes

It’s often stated that if you can’t see it, you can’t secure it. To ensure your network stays safe, it’s vital to have eyes on the traffic that’s going through it. Like a building with door sensors, motion detectors, smoke detectors, security cameras, and a remote monitoring service… Champion can be your partner in notifying you in real-time of any abnormal activity.

• Intrusion Detection Systems (IDS) designed with OT networks in mind are deployed for your network. These are strictly passive systems that merely sound the alarm if a potential compromise is detected.
• IDS sensors are installed in strategic locations to passively monitor as much of the traffic on your network as possible.
• Firewalls guard all the border crossings of your network. Anyone without the right credentials cannot get through.
• End devices are protected with antivirus software. This blocks malware which makes it to a computer and sends out alerts.
• A Security Information and Event Management (SIEM) server collects real-time data from all these safeguards and more and presents them to Champion’s monitoring team.
• Should an event occur, we’ll notify you immediately. If you authorize it, we can also take action to mitigate any threat per your Incident Response Plan.

The Result

While opening a tunnel between your network and the cloud might sound scary, using the proper technology and partner allows your network and OT assets to be safer than ever. Not only will you be better protected from security threats, but now we can even alert you to process issues before they become big problems.

Remote support engineers can respond even quicker and without introducing you to unnecessary risks like VPN connections from untrusted computers, unmonitored persistent virtual desktop access, or cellular modems.

Interested in learning more or scheduling a free consultation?