All computer systems that are connected to the Internet are at risk of a cyberattack. Large organizations have IT departments with security specialists to protect their information, but small- and medium-sized organizations without these dedicated resources are especially at risk. Look no further than the evening news to see operations being shut down by sophisticated hackers.
Vice President of Engineering Dan Luna has worked in industrial cybersecurity for 15 years. He has completed extensive training, including a course from Homeland Security in industrial security, and has obtained his ISA-62443 fundamentals certification.
“If you and your staff aren’t familiar with cybersecurity, it can be intimidating and difficult to know where to start,” said Dan Luna. “Not only are there numerous amounts of hardware and software available to protect your operations, there are also daunting price tags accompanying this equipment. EES takes cybersecurity very seriously, and here are some tips and three tools we use regularly to help set up and maintain the security of our clients’ systems.”
Malware and antivirus scanners are used to search for harmful programs and files on a network. They work by scanning new programs and files as they come into the network and determining whether they will cause any harm. Harmful programs are quarantined and removed before they can do damage to the system. These scanners are a great protection against removable devices that enter the network.
A firewall is a piece of software that isolates the network by regulating incoming and outgoing traffic. When properly set up, a firewall protects the network by preventing malicious intrusions. Firewalls also assist by segmenting the network. Network segmentation is important because it separates components so that there is not universal access to everything from everywhere. In a segmented network, similar components are often grouped together, though the grouping depends on what each component type needs to have access to. With network segmentation, any malicious activity is confined to a specific segment and not the entire network.
“An example of segmentation is not having elevators in with the variable frequency drives (VFDs) and not having doors in with other components,” said Dan Luna. “We also do segmentation by not allowing access to the entire network with just one ID.”
Network monitoring tools are used to observe the network and the data moving through it to quickly detect unwanted activity. They show the activity of the system and have diagnostic tools to help when communication goes down. Alerts are set up to notify the user when specific thresholds have been exceeded.
“Network monitoring tools provide even more information than the scanning software,” said Dan Luna. “I can set thresholds for certain network parameters, such as for email volume. If the traffic goes above this threshold, a warning is triggered and we investigate to see if there's a problem.” For example, if a particular device that has moved only a few kilobytes an hour for its lifetime suddenly starts moving megabytes, either something changed or an attack is in progress via this device.
“Our network monitors use SNMP, simple network management protocol, as the main engine,” said Dan Luna. “I click on a connection in that tool and then I get the statistics on that link bandwidth. I can also look at history from the past year, so if I see there's been a sudden change then I know that something's going on.”
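The threshold check described above can be sketched over polled SNMP interface octet counters. This is an added example, not EES's tooling: the poll values are constructed, and the function names, the 10x factor and the 1 MB/hour floor are assumptions chosen for illustration.

```python
from statistics import median

COUNTER32_WRAP = 2**32  # IF-MIB ifInOctets/ifOutOctets are 32-bit counters

# Constructed hourly polls of one interface: (unix_seconds, ifInOctets).
SAMPLE_POLLS = [
    (0, 4294960000), (3600, 4294963000), (7200, 4294966000),
    (10800, 1704),      # counter wrapped past 2**32 during this hour
    (14400, 4704), (18000, 7704),
    (21600, 5007704),   # sudden jump: about 5 MB in one hour
    (25200, 11007704),
]

def octet_deltas(polls):
    """Return (end_time, bytes_moved, seconds) for each pair of polls."""
    out = []
    for (t0, c0), (t1, c1) in zip(polls, polls[1:]):
        delta = c1 - c0
        if delta < 0:
            # Assumption: a drop means one counter wrap, not a device reboot
            # (a real poller would also compare sysUpTime to tell them apart).
            delta += COUNTER32_WRAP
        out.append((t1, delta, t1 - t0))
    return out

def find_anomalies(polls, factor=10, min_history=4,
                   floor_bytes_per_hour=1_000_000):
    """Flag intervals whose hourly rate exceeds factor x the median of
    earlier normal intervals and also exceeds an absolute floor."""
    history, alerts = [], []
    for end_time, nbytes, seconds in octet_deltas(polls):
        rate = nbytes * 3600 / seconds
        if len(history) >= min_history:
            baseline = median(history)
            if rate > factor * baseline and rate > floor_bytes_per_hour:
                alerts.append((end_time, rate, baseline))
                continue  # keep flagged traffic out of the baseline
        history.append(rate)
    return alerts

if __name__ == "__main__":
    for end_time, rate, baseline in find_anomalies(SAMPLE_POLLS):
        print(f"t={end_time}s rate={rate:.0f} B/h baseline={baseline:.0f} B/h")
```

Without the wrap correction, the fourth poll would produce a large negative delta and corrupt the baseline; with it, only the two megabyte-scale hours are flagged.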
There are a variety of ways hackers can gain access to sensitive information. A common ploy is to use social engineering such as phishing emails to get employees to click on malicious links, which can result in the installation of viruses, ransomware, and other means to gain access to confidential information. Prevention of social engineering is largely a matter of employee education. “Once hackers are into the system, if no one is using these tools and actively monitoring the situation, hackers could be in there for months before anyone finds out,” said Dan Luna. “Active network monitoring lets you detect issues quickly and shut the network immediately to contain the threat.”
Another means to gain entry to sensitive information is through vulnerabilities in local area networks (LANs). Hackers can gain access to the LAN via WiFi antennas, which are inexpensive and easy to make. “For example, you can make a Yagi antenna out of a Pringles can and other common items,” said Dan Luna. “To guard against this type of intrusion, protect your network with encrypted service set identifiers (SSID).”
“The older WiFi access pendants were encrypted with wired equivalent privacy (WEP), which was very easy to break. If the WiFi router’s firmware is no longer being updated, it needs to be replaced in order to maintain the network’s security.”
“It is important to not only keep the firmware up-to-date, but the hardware as well. Over time, hardware can become obsolete as the support for that model ends and firmware updates are no longer offered. Make sure that firmware updates are still regularly available for your hardware to keep your network secure.”
Setting up scanners, firewalls and network monitoring will help prevent cybersecurity attacks, but they require a proactive and hands-on approach. “Many of our clients choose to be on a service contract where we regularly monitor their networks and update the software and firmware to protect their operations from vulnerabilities,” said Dan Luna. “Often we are the only ones watching this stuff for them, which makes our work all the more critical.”
There is no one-size-fits-all solution, and cybersecurity needs to be customized to fit each client’s needs. While it may be difficult to know where to start or what areas you need to expand, it can be beneficial to bring in outside help. “EES can assist with developing a customized solution, monitoring and responding when dangerous activity is detected, and alerting you when the software and/or hardware needs to be updated,” said Dan Luna. “Understanding and incorporating cybersecurity correctly is vital to keeping your information secure.”