Cyber Security Awareness Month & Data Breaches
We close off Cyber Security Awareness Month with another very large company having millions of their customers' personal data stolen.
The failure of these large companies is generally not a single specific failure but a series of technical decisions, unresolved issues, and general laziness that builds up until an opportunistic attacker finds the door open or unlocked.
Cybersecurity is not a product you buy, turn on, and then “hope it's working”. It needs the same approach that companies have had to learn with regard to OHS/EHS, Workplace Safety and Risk Management.
If you look at any other small to medium sized enterprises, they usually have well integrated HR and safety systems, yet their cyber-security systems aren’t up to scratch, further demonstrating the need for Cyber Security Awareness.
We will still need to prevent forklift accidents, physical labour injuries and workplace harassment, and we will need to protect our staff from cyber attacks that can expose their financial and material wellbeing, protect their cyber activities from harassment, and protect the infrastructure they all depend on from outages, breakages or hostile interference.
Your car and fridge now have internet access, your children are easily exposed to unsavoury actors online, and your passport has a computer chip that allows you to walk through airport customs quicker. The world’s digital, and your company’s engagement with it must be to the same level as you engage with physical and workplace security and safety.
How OpusV and Security go hand in hand.
A lot of what OpusV does when it engages with a new client is to turn on ALL the information that we can gather and import it to a central location. We need to know what data the business has, and what it is doing with it.
One of the key aspects of the Australian Energy Sector Cyber Security Framework (AESCSF) is “Situational Awareness” which requires you to understand what your network, systems and people are doing at any given time.
At OpusV, we routinely see Power Farms with good HMI (Human-Machine Interface) and SCADA dashboards that tell you what the SCADA system is seeing and doing. Yet only a minority of these plants have any visibility into the communication paths these SCADA systems run on, or the computer infrastructure they live on.
OpusV has built out a range of monitoring, telemetry and event alerting systems that bring a more complete picture to an O&M operator or Asset Manager on how the entire plant is operating.
We have done a lot of consulting and troubleshooting on plants where the issue is presumed to be the network's fault, but after referencing the data, we end up pinpointing the issue to a different key system. Who or what is at fault should be simple to determine from data easily at hand on any good plant that meets the Situational Awareness practices of the AESCSF. Having good data makes for easier decision making and discovery.
The great thing about implementing a good visibility setup is that it can be extremely light touch on operational technology (OT) equipment and networks. It uses extremely minimal resources, bandwidth and processing power, and provides exponentially valuable insights into your plant's function and even capacity.
Too often people leave OT equipment untouched for fear of causing issues, but OpusV has been working on networks with OT devices for over 20 years, thoroughly testing and mapping how monitoring systems interact with them. We have yet to cause an outage with our monitoring and visibility solutions, and we have solved innumerable problems by simply having the data to inform the troubleshooting and solution hunting.
Some simple questions to ask of your network:
- How often do devices lose connectivity, and why do they lose this connectivity?
(Answers: Devices might be turning on and off for maintenance, or because of a fault. It might be a sign of faulty or degrading cabling)
- How much bandwidth is in use on my core network? Or on my WAN connection? Am I in danger of loss of communications due to congestion?
(Answers: A lot of remote power farms utilise 4G with non-guaranteed bandwidth, and you can see through monitoring when congestion delays are occurring, which can even affect timely dispatch response)
- Are communications between OT equipment (say between an RTU and a PPC) occurring as expected, or are you seeing unexplainable changes in what should be near predictable control traffic?
(Answers: Traffic profile changes, either an increase or reduction in bandwidth usage profiles, can be an early indicator of unusual behaviour, either through impending malfunction, external threat actor, or misconfigured systems)
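The first and third questions can be answered from counters most monitoring systems already collect. The Python below is an added example, not OpusV's code: it counts connectivity losses from link-state samples and flags intervals where an RTU-to-PPC flow departs from its baseline in either direction. The sample data, the 12-interval baseline window and the thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample: bytes per 1-minute interval on an RTU <-> PPC flow.
# The first 12 intervals are treated as the known-good baseline (assumption).
SAMPLES = [4100, 4080, 4120, 4095, 4110, 4090, 4105, 4100, 4085, 4115,
           4098, 4102, 4101, 9800, 4099, 1200, 0, 4103]
BASELINE_LEN = 12

# Constructed link-state samples for one device port (True = up).
LINK_STATE = [True, True, False, True, True, False, False, True, True]


def robust_baseline(values):
    """Return (median, MAD) so a single outlier cannot skew the baseline."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def profile_deviations(samples, baseline_len, k=6.0, floor=50.0):
    """Flag intervals whose volume departs from the baseline in either direction.

    k is the tolerance in MADs; floor stops a near-constant baseline
    (MAD close to 0) from flagging ordinary jitter.
    """
    med, mad = robust_baseline(samples[:baseline_len])
    limit = max(k * mad, floor)
    findings = []
    for i, v in enumerate(samples[baseline_len:], start=baseline_len):
        if abs(v - med) > limit:
            findings.append((i, v, "increase" if v > med else "reduction"))
    return findings


def count_flaps(states):
    """Count up -> down transitions (connectivity losses) in a status series."""
    return sum(1 for prev, cur in zip(states, states[1:]) if prev and not cur)


if __name__ == "__main__":
    for idx, value, kind in profile_deviations(SAMPLES, BASELINE_LEN):
        print(f"interval {idx}: {value} bytes ({kind} vs baseline)")
    print("connectivity losses:", count_flaps(LINK_STATE))
```

A reduction to zero is flagged just like a spike, which matters for control traffic: a poll that silently stops is as significant as one that suddenly grows.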
We are always happy to chat with asset managers and O&M about how simply a network visibility dashboard can be implemented, and how the maturity pathway to better Situational Awareness and more information can help you run a plant with fewer sudden generation interruption moments.