Category Archives for "Operational Technology (OT)"

May 8, 2022

Software Update: Windows DCOM Changes

At A Glance 

  • Distributed Component Object Model Remote Protocol (DCOM) is used for communication between applications running in a Windows environment 
  • Microsoft released a Windows update to harden DCOM
  • This update poses risks to ICS applications dependent on DCOM

In June 2021, in response to a security vulnerability, Microsoft released a Windows update (KB KB5004442) to harden the DCOM component of Windows. Organizations should be aware that many industrial control system applications utilize DCOM protocols. This update can impact the ability of networked devices to communicate, resulting in effects such as the inability to use HMI or SCADA software, or loss of historical tag data. 

Some impacted applications include: RSLogix 5/500/5000, RSLinx Classic, FactoryTalk applications, ThinManager, and KEPServer Enterprise.

Champion recommends that organizations review their installed software for use of DCOM and the potential impact of this update. Most ICS software vendors have published information on their affected software as well as possible mitigations for any impacts from applying these updates. For actively maintained software, vendors are working to deliver patches for their software to work with the update. Until these patches are available, it will be necessary to either postpone installation of the Windows updates or apply mitigations to disable the new DCOM hardening features. Be aware, however, that if the Windows updates are installed, it will not be possible to disable the DCOM hardening features after March 14, 2023. 

We’re Here to Help  

Champion can work with you to help you decide which Windows updates are appropriate to install and deliver those updates to your critical ICS systems. Champion can also provide recommendations on working with software that may no longer be supported by the vendor or assist you with planning upgrade paths. Finally, when things do break, Champion can assist with recovery. We will continue to monitor the situation and be prepared to keep our clients informed.

Wondering if your applications are vulnerable?

Contact our OT Solutions Group at otsolutions@champtechnology.com. 

 

Additional information on these changes can be found here: Microsoft.com Support, Microsoft.com MSRC

December 15, 2021

Apache Log4j Vulnerability Quick Guide

What is the Apache Log4j Logging Service Vulnerability?

Apache Log4j is one of the most popular web server logging utilities used in thousands of software applications. The Apache Log4j logging service (v 2.14.1 and below) vulnerability can allow malicious users to remotely execute code which can compromise the integrity of the system. 

Why is this considered a severe threat?

Any software with a web-based client or configuration component may be affected if it uses the Apache Log4j library. Some of these valuable assets can include Virtualization Hypervisor servers, accounting software packages, and software that runs on firewalls protecting your environments.

What can you do RIGHT NOW to address the vulnerability?

  1. Reach out to your software vendors to see if they have vulnerability updates or workarounds.
  2. Many firewall software and End Point protection platforms have built-in update tools. Make sure your firewalls and End Point protections are up to date and patched.
  3. Check in with your software vendor to make sure all patches are up to date.

What to do in case your systems are affected?

If any active machines at your facility have vulnerable software with no readily-available fix, we recommend turning the off the machine(s) until a fix has been found. This is recommended for non-business critical assets only.

What is Champion doing?

Champion is reaching out to our OT software partners and vendors to compile a list of known affected products, along with remediation strategies. We can also assist in verifying that your OT environments are safe. 


                    

                        Review the list

More information on this vulnerability can be found at these sites:

Statement from CISA Director Easterly on “Log4j” Vulnerability | CISA

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

January 6, 2021

Champion Celebrates 20 Years

Celebrating 20 Years

FOR IMMEDIATE RELEASE

Champion Technology Services, Inc. is celebrating an incredible milestone:  20 years in business.

What started out as a two-person endeavor in late 2000, steadily matured into a team of 125 people across the country in 2020. Champion has achieved amazing milestones – growing one office into nine, being part of the LSU Top 100, being named Control Engineering’s Systems Integrator Giant, and achieving steady growth year-over-year.

None of this would have been possible without our dedicated team, continual process improvement, and of course – our clients.  We are thankful and humbled by our clients’ unwavering dedication!

Through the years, Champion has made strategic adjustments to generate a culture that inspires and empowers talented individuals to make the world a better place through technology.  By always staying at the forefront of technology and investing in our team’s professional growth, our clients realize the benefits in their day to day operations.

Whether implementing a control system upgrade, designing a new installation, assessing cybersecurity gaps, improving a facility’s safety systems, or enabling secure remote access for a full suite of OT Managed Services – our commitment to excellence remains steadfast.

At Champion, we believe the success of our clients is a direct reflection of our own efforts and successes.  That’s why we will continue to provide the best solutions available at any given time.  Independent of any equipment manufacturer or technology platform, our experts partner with you to evaluate needs, make recommendations, and execute the rollout that brings the most value to your facility.

From all of us at Champion, we thank you for trusting in our team to provide the solutions and systems that best achieve your goals.  We look forward to the next 20 years, as we continue to grow together.

Want to learn more about Champion? Contact us!

Champion Technology Services, Inc. is an industrial control systems integrator that provides OT services across the United States and abroad. Our team includes ISA/IEC 62443 Cybersecurity Experts and GICSP (Global Industrial Cyber Security Professional)-certified professionals in the latest NIST standards. We help small, medium, and large companies assess their existing control systems and implement protocols that meet their facility’s requirements while maintaining our status as an unbiased third-party solution provider.

June 29, 2020

Is Remote Access to Your Control System Safe?

Anytime a new conduit to an ICS network is created – especially one which transits the internet – there is inevitable trepidation about the potential security risks it might create. So, when we talk about creating a tunnel from your network into the cloud, you’re going to have mental alarms going off. This article will describe how Champion keeps your network secure while providing unprecedented levels of service and support.

The Cloud Zone

A security zone is created in the cloud specifically for you. Here, it serves as an extension of the Demilitarized Zone (DMZ) of your control system. The same security concepts that apply to your DMZ apply here as well.

There are only two paths in and out of your cloud zone:

  1. The Tunnel, as defined below, to your on-premises DMZ.
  2. Dedicated secure route to our portal servers to enable the features provided by our managed service offering.

These paths are restricted by routing and firewall rules to pass only the authorized data.

No windows administrative connections (RDP, WMI, RPC, and other evil acronyms) can be made from outside the DMZ and cloud zones. All administrative activity happens within the cloud zone via hosted desktop sessions. These sessions are delivered using virtual desktop presentation technologies so that only the video stream leaves, and only keyboard and mouse commands enter. No proprietary data or external threats can be transferred via either cloud path.

The Tunnel

In order to connect your site to the cloud, a tunnel must be created. This tunnel is built using the best available VPN protocols . Like most tunnels, its job is to keep the good things in and the bad things out.

This includes:

  • Ensuring that only your DMZ can connect to the cloud zone and only the cloud zone can connect to your DMZ.
  • Encrypting the data so that it cannot be monitored by outside forces.
  • Ensuring the data stays intact from one end to the other.

The Eyes

It’s often stated that if you can’t see it, you can’t secure it. To ensure your network stays safe, it’s vital to have eyes on the traffic that’s going through it. Like a building with door sensors, motion detectors, smoke detectors, security cameras, and a remote monitoring service… Champion can be your partner in notifying you in real-time of any abnormal activity.

  • Intrusion Detection Systems (IDS) designed with OT networks in mind are deployed for your network. These are strictly passive systems that merely sound the alarm if a potential compromise is detected.
  • IDS sensors are installed in strategic locations to passively monitor as much of the traffic on your network as possible.
  • Firewalls guard all the border crossings of your network. Anyone without the right credentials cannot get through.
  • End devices are protected with antivirus software. This blocks malware which makes it to a computer and sends out alerts.
  • A Security Information and Event Management (SIEM) server collects real-time data from all these safeguards and more and presents them to Champion’s monitoring team.
  • Should an event occur, we’ll notify you immediately. If you authorize it, we can also take action to mitigate any threat per your Incident Response Plan.

The Result

While opening a tunnel between your network and the cloud might sound scary, using the proper technology and partner allows your network and OT assets to be safer than ever. Not only will you be better protected from security threats, but now we can even alert you to process issues before they become big problems.

Remote support engineers can respond even quicker and without introducing you to unnecessary risks like VPN connections from untrusted computers, unmonitored persistent virtual desktop access, or cellular modems.

Want to learn more? 
Contact us with questions, or to receive a free consultation!

Champion Technology Services, Inc. is an industrial control systems integrator that provides OT services across the United States and abroad. Our team includes ISA/IEC 62443 Cybersecurity Experts and GICSP (Global Industrial Cyber Security Professional)-certified professionals in the latest NIST standards. We help small, medium, and large companies assess their existing control systems and implement protocols that meet their facility’s requirements while maintaining our status as an unbiased third-party solution provider.

June 29, 2020

The Top 5 Differences Between IT and OT

While everyone is familiar with the term “IT” (Information Technology), the term “OT” (Operational Technology) is far less familiar to the general public.  That is not to say OT is newly emerging; quite the opposite.  Over the last two decades, IT and OT have begun to converge.  You’ve likely heard terms like “IIoT” (Industrial Internet of Things) or “Industry 4.0.”  But there are unique differences that set OT apart from IT:

  • Production: 
    While IT is extremely important at the corporate (or “Enterprise”) level, OT is the livelihood of any facility.  The mission of any OT system is to achieve the greatest production output with the least amount of downtime possible.
  • Safety: 
    IT and OT must both be vigilant in mitigating security risks.  However, IT’s risks generally lend themselves to trade secrets and corporate accountability.  OT’s risks can be much more tangible:  Unsafe operating conditions or monitoring can result in health and safety issues such as fatalities or environmental catastrophes.
  • Skillset: 
    IT and OT have overlapping skillsets with technological approaches, but OT requires much more specialized experience with respect to the OT systems.  From understanding an industry’s production process, to the integration of many diverse L0/L1 devices and systems into one cohesive and intuitive platform, to the safety and alarm management of the process.
  • Cost of Ownership: 
    The lifecycle on IT and OT systems are vastly different.  Whereas IT’s typical lifetime on equipment is about 12-18 months, OT is generally more robust and operate longer – often lasting 10-15 years.  Therefore planning for Total Cost of Ownership (TCO) takes not just different expertise but also a different approach and methodology to achieve a comprehensive cost.
  • Compliance: 
    Whether for the safety of workers, surrounding communities, or the environment, compliance standards are often far more stringent on OT systems.  Federal and state agencies regularly monitor and regulate industrial processes due to their inherent ability to impact the community at large.

Production

Since production is the livelihood of any industrial facility, so too are the operational systems that keep them moving.  Loss of production for any reason has a direct impact on a company’s bottom-line.  Whether due to an outdated, unreliable platform, poor configuration, unprepared support staff, or insecure technology allowing for system breaches – many factors can affect production.  Be sure to utilize an OT specialist with the experience to reach your maximum production output.

Safety

Securing proprietary information is a major concern with any corporate IT network.  But cybersecurity is equally (if not more) important for a facility’s Industrial Control Systems.  In past years, many have taken the “air gap” approach to securing their OT control systems – keeping any production equipment separated from Internet-connected Enterprise equipment.  In theory – and in a time before flash drives and smartphones – this was enough to mitigate operational risks.  But, as consumer technologies emerged, so too did many large-scale security breaches affecting Industrial Control Systems. 

Air gapped systems that were not physically connected to the Internet would run on outdated security patches because they were seemingly “secure.”  With the advent of devices like flash drives and smartphones, however, control systems around the globe became vulnerable.  Cyber-attacks could now halt production, disable critical safety systems, or result in catastrophic loss simply by altering production readings.

Having a team of Globally Certified Cybersecurity Experts at your fingertips is now vital for any industrial environment.

Skillset

While the fundamental principles of IT networks are shared with OT networks, Industrial Control Systems require a much more specialized set of skills to implement and maintain.  For starters, the very environment of each are vastly different.  IT networks are often climate-controlled in office environments, whereas OT networks can be exposed to extreme elements and process environments.

More importantly, what sets OT professionals apart is their knowledge of how to implement specific industry processes, using a range of industrial controls across multiple platforms.  Lastly, they must use this knowledge to make everything communicate in an efficient, reliable, and intuitive manner.

With vast experience across numerous industries, platforms and technologies, Champion’s OT professionals deliver on this expertise.

Cost of Ownership

The natural lifecycle of IT versus OT lends itself to completely different budget approaches.  While IT environments typically change every 12-18 months, OT environments can last 10-15 years or more – if they are properly designed and maintained.

The key to enabling Industrial Control Systems for the extended durations is proper maintenance and support.  In addition to cybersecurity risk mitigation, including budgetary funds for preventive maintenance and support is essential in any OT environment.  As a system ages, it is key to provide regular security patches, scheduled backups, and a supply of spare parts to achieve the greatest production output.

Champion’s knowledge of these items, paired with our 24UP Support Solutions, allow customers to tailor specific needs into one easily-predictable budgetary plan.

Compliance

Another unique difference between IT and OT is the types of compliance each must meet.  Industrial Control processes are typically subject to far more scrutiny due to their ability to impact more than a corporate entity; if improperly maintained, a process can harm employees, communities, or the environment.  For this reason, it is imperative that OT systems function correctly and reliably.

OT networks continuously monitor process stages, operating temperatures and pressures, environmental emissions, leaks, or any other number of factors associated with the facility.  Having reliable systems in place not only raise overall safety.  They allow companies to provide real-time or historic reporting to compliance agencies, such as the EPA, DEQ, FDA, or OSHA.

Champion engineers and professionals hold the experience necessary to implement the reliable OT systems our customers demand.

Want to learn more? 
Contact us with questions, or to receive a free consultation!

Champion Technology Services, Inc. is an industrial control systems integrator that provides OT services across the United States and abroad. Our team includes ISA/IEC 62443 Cybersecurity Experts and GICSP (Global Industrial Cyber Security Professional)-certified professionals in the latest NIST standards. We help small, medium, and large companies assess their existing control systems and implement protocols that meet their facility’s requirements while maintaining our status as an unbiased third-party solution provider.

June 29, 2020

3 Reasons an “Air Gap” is Not Good Enough

Is an Air-Gap “Good Enough” to keep your Industrial Control System secure?  Short answer:  No.

And here’s why…

“Security by isolation” or air-gapping previously worked in Operational Technology (OT) environments when OT and IT were completely isolated from one another. Many older systems based on PLC’s and SCADA were built without cybersecurity in mind. OT and IT are now converging as organizations embrace the digital transformation, and security experts are now declaring the air gap dead as security by isolation is not a long-term solution for protecting OT assets.

Air Gapping an OT system has very limited value in today’s constant technological advances. It can no longer be used as a sole security solution in the long term for three reasons:

  • It causes organizations to miss out on valuable data.
  • It is more costly and difficult for maintenance and repairs.
  • It is more prone to security breaches than a “connected” OT system.

Missing out on Data

While air-gapped OT systems can minimize risks, organizations are not able to benefit from the highly valuable data these systems generate. Data analyzed in real time can provide business intelligence to cut costs, reduce downtime, and improve efficiency. These opportunity costs outweigh air-gapping as a viable cyber security measure.

Higher Maintenance Costs

Maintaining air-gapped OT systems are more expensive and difficult because the engineering tools of a connected system cannot be used to perform routine maintenance or troubleshoot problems.  It also limits the system from secure remote support by technical experts. Without remote access, facilities experience higher support costs and increased downtime. The reality is that even a properly air-gapped system is not completely protected; Every system is a potential breach target, and even air-gapped systems can be infiltrated. Organizations must engage in active monitoring and security measures to mitigate the risks.

Reduced Security

Air Gaps can be physically breached by a third-party networked laptop, USB drive, removable media, smartphone, or other devices. Allowing OT systems to connect with these devices creates vulnerabilities that air gapping cannot protect against. Air gapping makes it difficult for users to move back and forth between the air-gapped device and network-connected devices. For ease of use, an individual may use an unsecure USB drive to transfer data which could compromise an air-gapped system.

OT infrastructure is only as secure as the user operating the devices. An openly accessible USB port can serve as an entry route for malware. Smartphones provide another convenient route to cross air gaps when switched to Wi-Fi hotspot mode. The Wi-Fi hotspots can also be used as an entry point by hackers or those with ill intentions.  

FUN FACT: 
90+% of randomly found USB drives are picked up by the casual person and more than half are plugged into a PC.

 Source: Kapersky

Why your OT control systems can’t afford cybersecurity shortcuts:

OT cyber-attacks are more dangerous in nature. An OT attack can pose risks to operational and safety systems, employees, plant, and environment. Because the outcome of an OT cyber-attack is more catastrophic, it is essential that organizations prioritize cybersecurity. While air gapping provides some security, it is not the best option to select in the competitive marketplace.

Air gapped control systems are also more vulnerable because they don’t receive the latest Windows security patches easily, therefore are usually neglected. As new virus threats emerge, the OT system will likely be unprotected, unlike its Enterprise counterpart.

We must accept the fact that air gapping as a security control is no longer a valid option.  IT and OT will continue to converge leaving air gapping to be useless. Facilities should take advantage of the opportunities from integrated technologies to reduce costs and downtime while improving efficiency. While doing so, they must prioritize OT security to lessen the risk and still capitalize on the advantages of a connected IT and OT world.

Want to learn more? 
Contact us with questions, or to receive a free consultation!

October 8, 2019

Humans: A Weak Link in Network Security

Have you noticed in recent years, the topic of Cybersecurity has become increasingly popular?

A number of studies have found that untrained employees are the biggest threat to an organization’s network security.  A study[1] by ESI ThoughtLab found that 87% of executives are aware of this fact.  Consequently, companies of all industries and sizes are now putting more focus on preventing (or minimizing) attacks by investing in training for employees using Operational Technology (OT) systems including Industrial Control Systems.

The examples below[2] are common pitfalls when there are human-factor vulnerabilities:

  • Operators using OT workstations in the same manner as an IT device or home computer. For example: Uploading photos, plugging in smartphones, downloading games or potentially corrupt software, using unsecured USB drives, visiting unsecure websites, and more.
  • Operators accidentally click on a link in a phishing email from an operator station
  • Poor credential management: Allowing unrestricted access to system areas or functions that are not needed for an operator’s job role
  • Incident preparedness: No incident response program.  What if something did happen?  Is there a well prepared plan in place?
  • User’s credentials are not removed from system when leaving the company.

So, what if I’m not an expert?

That’s OK!  Even trained employees are human.  The good news is many weak links can be prevented by improving the security of your ICS network. 

Champion’s Certified Cybersecurity Experts are trained in the latest ISA/IEC 62443 and NIST standards for Industrial Cybersecurity.  This means you benefit from the most current, comprehensive safeguards for your operations.

Industrial Cybersecurity is an ongoing cycle of assessing vulnerabilities, implementing solutions, and maintaining secure operations without production downtime.

Champion can help you by providing Vulnerability & Risk Assessments of your current network, then offer System Hardening and Configuration to mitigate risks.  We can also help you in developing Cybersecurity Policies and Procedures, implementing best practices, and recovery steps for incident response in the event of an attack.  We can even host a complete backup of your control system to get you up and running with little or no downtime, should a major disaster strike.

Lastly, as your Cybersecurity Experts, Champion can maintain a secure live Intrusion Detection & System Recovery Systems, Investigate Incidents, and provide a comprehensive incident response plan that fits your needs.

Want to learn more?  Contact an expert today!

Champion Technology Services, Inc. is an industrial control systems integrator that provides cybersecurity services across the United States and abroad. Our team includes ISA/IEC 62443 Cybersecurity Experts and GICSP (Global Industrial Cyber Security Professional)-certified professionals. We help small, medium, and large companies assess their existing control systems and implement cybersecurity protocols that meet their facility’s requirements while maintaining our status as an unbiased third-party cybersecurity solution provider.

References:

[1] Source:  https://www.controleng.com/articles/untrained-staff-is-the-biggest-cyber-risk-according-to-report/

[2] Source:  https://www.exida.com/Blog/cyberattacks-succeed-where-humans-and-systems-are-weak 

>