Virtual Armour
Operational Technology vs. Information Technology: Differences, Similarities, & How They Intermix With Industrial Control Systems

Though traditionally operational technology and information technology were kept separate, these two worlds are becoming increasingly intertwined, and both forms of technology are becoming more likely to connect to the internet.

What is Operational Technology?

Operational technology (OT) refers to the hardware and software used to change, monitor, or control physical devices, processes, and events within a company or organization. This form of technology is most commonly used in industrial settings, and the devices this technology refers to typically have more autonomy than information technology devices or programs.

Examples of OT include SCADA (Supervisory Control and Data Acquisition), which is used to gather and analyze data in real-time and is often used to monitor or control plant equipment. Industries such as telecommunications, waste control, water control, and oil and gas refining rely heavily on SCADA systems.

Many types of OT rely on devices such as PLCs (Programmable Logic Controllers), which receive information from input devices or sensors, process the data, and perform specific tasks or output specific information based on pre-programmed parameters. PLCs are often used to do things like monitor machine productivity, track operating temperatures, and automatically stop or start processes. They are also often used to trigger alarms if a machine malfunctions.

Access to OT devices is typically restricted to a small pool of highly trained individuals within an organization, and these types of devices may not be updated or changed for months or even years. Since these devices are highly specialized, they rarely run on standardized operating systems (like iOS or Windows) and instead generally require custom software to function.

What is Information Technology?

Information technology (IT) refers to anything related to computer technology, including hardware and software. Your email, for example, falls under the IT umbrella. This form of technology is less common in industrial settings, but often constitutes the technological backbone of most organizations and companies. These devices and programs have little autonomy and are updated frequently.

Access to IT programs and connected devices is typically less restricted than access to OT devices, and many, if not all, employees at a given organization may be granted access.

The main difference between OT and IT devices is that OT devices control the physical world, while IT systems manage data.

What are Industrial Control Systems?

Industrial control systems (ICS) are a type of OT and consist of any systems that are used to monitor or control industrial processes. This could include a mining site’s conveyor belt or an alarm that lets employees know if a piece of equipment is getting dangerously close to overheating.

ICSs are often managed by SCADA systems, which may provide users with a graphical user interface. This interface allows the user to observe the system’s current status, enter system adjustments to manage the process, and observe any alarms that indicate something is wrong.

How to Intermix Operational & Information Technology with Industrial Control Systems

At first glance, IT and OT may not seem compatible. OT systems are isolated and self-contained, designed to run autonomously, and rely on proprietary software. On the other hand, IT systems are connected by nature, have little autonomy, and generally run using readily available operating systems. However, incorporating IT into your OT operations can have many benefits.

IT Can Improve OT Operations

In the past, most OT devices were utterly cut off from not only the internet but even most internal networks, and could only physically be accessed by a select few authorized employees. However, it’s becoming increasingly common for OT systems (including ICSs) to be monitored and controlled using IT systems.

While inputs on many OT devices may have traditionally been limited to a physical panel or keypad that required workers to input commands or data physically, more OT systems and devices are now being controlled and monitored remotely via the internet.

IT can be used to make operating an ICS or other OT device easier. IT can be used, for example, to monitor parts and alert employees when a component is failing, allowing the employees to procure and install the spare part before the damaged part fails. By replacing the damaged part before it fails, employees can not only help ensure that production isn’t disrupted but can also prevent a cascading effect if the damaged part’s failure could lead to more extensive damage. A damaged part may not only cause a machine to fail, but that failure could also have serious consequences for the health or safety of employees working nearby.

IT can also provide employees with real-time reports on the state of the OT device, and allow them to respond and correct system errors in seconds. This means that if an alarm goes off to let employees know that a piece of equipment is malfunctioning, they can either shut down the device remotely (reducing the chances of an industrial accident) or otherwise address the situation right away before it becomes more serious.

Don’t Forget to Secure Your Connected OTs

IT systems can be a huge boon for ICS and other OT systems, but they can also leave OT systems vulnerable to cybersecurity attacks if appropriate precautions aren’t taken. Any time a device is allowed to connect to the internet, or even to a network that can be accessed via the internet, there is a chance that a cybercriminal could gain unauthorized access.

A cyber attack against an OT device could have catastrophic consequences. Not only can specialized equipment be damaged (resulting in costly repairs), but the damaged equipment could pose a health or safety hazard.

Before you integrate IT into any OT system, it’s vital that you create and implement appropriate cybersecurity protocols. A good MSSP (Managed Services Security Provider) can help you do a thorough audit of your current systems, and help you ensure that adding IT to your ICS or other OT device won’t compromise your cybersecurity.

The Major Cybersecurity Threats of 2018… So Far

It seems like every year a plethora of cybersecurity threats are unleashed on the public. Cybercriminals are constantly evolving their tactics in order to steal and compromise important information.

Over the past 12 months, we have seen the frequency – and severity – of cyber attacks reach such a level of normalcy that large data breaches, such as the recent Equifax or Facebook hacks, are gaining coverage on mainstream media. Many people even know the names of various exploits and malicious programs: NotPetya, Locky, and WannaCry all dominated the international news as online hackers were able to breach huge companies’ security and cost them billions of dollars. The cybercriminal “underground” network will continue to evolve and grow.

Just over the past couple of years, it’s become simpler to become a cybercriminal. One doesn’t even have to have a lot of technical expertise – just the ability to find the proper tools. The more the media sensationalizes the success of cyber crimes, the more likely cyber thieves are to take notice.

Original Cybersecurity Threat Still Kicking in 2018

What is that ever-constant threat you may ask? Human error.

Unfortunately, the majority of breaches and issues involving cybersecurity are caused internally by your very own employees being unaware of the implications of their actions or overlooking that extra step to keep everyone’s data safe. There are, of course, also internal bad actors with malicious intent who knowingly expose your network and data to vulnerabilities and exploitation.

Before we tackle the big threats heading to a server near you in 2018, let’s have a refresher on the basic cybersecurity measures that should be the default precautions taken to secure your business from outside trouble. All employees should be aware of and properly trained to employ the preventative measures available to them.

Basic Cybersecurity Measures

Below are a few avenues available to all businesses that will help establish security fundamentals. We recommend working with a dedicated security professional or MSP like us to ensure your cybersecurity is appropriate for your needs.

Create the Strongest Password

Not just a strong password, but an inorganic password that isn’t easy to guess and doesn’t string together naturally.

Different institutions, businesses, and the like have different password creation requirements. Lafayette University created a strong password guideline to help you make your password ironclad regardless of criteria. Set it and don’t forget it.

Another option for robust password security: multi-factor authentication.

Use a Trusted Anti-Virus

Not all anti-virus protection software is created equal and viruses threaten your technology daily. Not only do you want to deploy a virus protection program from a reputable company, but also one that is constantly up to date on the newest hacks and viruses.

Regularly Back Up Data

Backing up data regularly and on a set schedule can minimize potential risks associated with data loss and system tampering.

Utilize a Firewall

As the name states, anything incoming and outgoing needs to be granted access to pass the wall of fire.
Firewalls are electronic drawbridges that act as the entryway and exit for all signals and data being sent back and forth. Among other things, they monitor traffic, create checkpoints, and check for unauthorized access.

Shield your networks and devices by installing customized firewalls able to protect your network from the outside world. A strong firewall with a specialized set of security protocols will greatly increase your level of protection.

Learn more: managed firewall services.

Restrict Access to Sensitive Information

Limit access to sensitive data to only authorized users. This will allow for easier tracking of who is accessing what information. Activity that shows up from outside the network or from outside users will then be easier to narrow down, so you can quickly implement a plan to rectify the issue.

Encrypt All Data Where Applicable

Data is always at risk of being vulnerable, and it’s most vulnerable during transfer. Encryption helps by masking the data both while it is sitting at rest and while it is being transferred between two nodes. Don’t ever be without it.

Hire a Cybersecurity Specialist

Other than training your employees to be aware of and employ the basics of cybersecurity protection, it is still a great idea to consider investing in a quality cybersecurity expert or competent managed services provider.

Having a cybersecurity specialist on hand proactively managing your security will give you peace of mind and time to focus your efforts on other aspects of your business. The last thing any company needs is a major data breach.

Today’s reality demonstrates a need for a meaningful investment in cybersecurity as it becomes easier and less expensive for bad actors to gain access to sophisticated tools.

The Importance of Preventative Measures

Never underestimate the power of prevention. Time, money, and resources spent now mean all of that, and potentially much more, saved later.

Proactive Prevention vs Passive Reaction

Passively reacting to security problems that arise instead of anticipating potential issues can eventually come back to deal compounded damage.

Getting proactive about developing new strategies or identifying possible gaps in security can provide protection in the long run as new attacks make themselves known.

Cybersecurity Threats of 2018: Old & New

Third-Party Risks in Doing Business

These are data breaches that come from working with another business or with people outside your own team. Once data leaves your servers, that’s it. It’s now up to the people in possession of it to take care of its safety, so how do you protect your data when working with third parties?
Taking preventative measures for this one can boil down to how you safely exchange and monitor the information shared between parties.

  • Know who you’re doing business with
  • Know what data is being shared
  • Know what applications or mediums are being used to interact with and share data

When hiring contractors, temp workers, or third-party companies, vet them and ensure you understand them, their business, and their intent.

Remote Workforce

Having people work remotely means there is a potential for sensitive data to be taken off-site and exposed for others to take and use how they wish.

A remote workforce is convenient and cuts down on costs, but also poses the risk of costing you in the long run if precautions aren’t taken from the get-go. Take the necessary steps by being aware of what data your remote workers have access to, and how it’s being used and presented.

Data Breaches & Loss

These days, data is a hot-ticket item that gets used outside its intended purpose. Data theft is a constant threat, and data loss prevention tactics have been on the rise to counteract the unending string of data hacks that shows no sign of letting up.

Data leaks can damage all aspects of a company, its employees, and its clients. It is advisable, not just in 2018, to invest in data loss prevention in the long run.

Everything Connects to the Internet

The Internet of Things is Now a Reality
In 2018, just about everything connects to the internet. Your phone, your car, your television, even your refrigerator. Having multiple devices connected can create unforeseen complications if you’re not careful. With such convenience comes great responsibility in being aware of not only what is connected, but how it is connecting.

Held Hostage by Ransomware

Protect your data by keeping it backed up in a secure location, or in multiple locations, in fact.

Ransomware involves a hacker holding your systems hostage by encrypting them and keeping them on lockdown. When the ransom is paid, the hacker relinquishes control back to the original owner with a decryption key.
Do not think you are safe in the event this happens and you get your system back. Find and fix the breach immediately or risk further digital hostage situations.

Smartphone Associated Risks

Smartphone Security is Critical
Smartphones are without a doubt absolutely everywhere in 2018. With everyone in possession of a phone, we are now walking signals actively sending and receiving information from the digital sphere, whether through data roaming, downloading applications, or browsing the web.

As a precaution, many businesses that deal with sensitive information disallow smartphones past a certain point. Others only allow company-granted phones on the premises to prevent breaches in security that could have easily happened with a personal phone.

After All is Secured & Done

After security systems have been installed and accounted for on all platforms, and after your employees have been educated and made aware, what’s next? Trick question. You might not always know what’s next. That’s the last looming cybersecurity threat to be aware of.

However, that doesn’t mean you can’t prepare and be proactive in catching and fixing malicious attacks against your systems. Or, if you work with us – one of Colorado’s fastest-growing MSPs – we act proactively on your behalf.

The Dark Side of IOT

Written by Tianyi Lu, Senior Systems Engineer, VirtualArmour
As we continue our path towards 40 to 50 billion Internet-connected devices in 2020, there is a looming threat of malicious use cases for all of those “always-on, always-connected” machines. That threat was widely realized by the general public two Fridays ago when major sites like Netflix, eBay, Twitter, and PayPal all experienced major disruptions. However, it was not the first time a DDoS of epic proportions propagated by IoT devices occurred; about a month earlier, krebsonsecurity.com experienced a record 620 Gbps of DDoS traffic. The same code used on IoT devices which wreaked havoc on Brian Krebs’ security blog was also the culprit of the latest, but much more widespread, disturbance.
The malware, known as “Mirai”, works by compromising internet-connected devices like microwaves and lights that still use default factory usernames and passwords. Unlike on a computer, these credentials are not easily changeable, or are permanently hard-coded. Once infected, Mirai instructs the IoT devices to send TCP/UDP packets with a destination port of 53 (DNS), targeted towards Dynamic Network Services, better known as Dyn.
First, the attacks focused on Asia Pacific, South America, Eastern Europe, and US-West regions, but then abruptly shifted to the US-East region. Ironically, it was later discovered that the target of the attack was Sony’s PlayStation Network, one of Dyn’s customers, but because of the internet’s reliance on DNS, all of Dyn’s customers were affected. To make matters worse, legitimate DNS requests were retried because Dyn’s DNS servers were unreachable (they were too busy processing all the illegitimate traffic), and those retries further added to the strain on the system. Eventually, Dyn brought all their DDoS scrubbing services online, applied traffic-shaping on the inbound traffic, rebalanced traffic by manipulation of anycast policies, and applied edge filter policies, and was able to mitigate the attack. Post-mortem analysis by Dyn suggests approximately 100,000 malicious endpoints contributed to the attack (down from the several million originally thought to have caused the attack due to the legitimate recursive DNS retry traffic mentioned above). There have been some reports of a magnitude in the 1.2 Tbps range, although this figure was not officially confirmed by Dyn.
This attack, like the various breaches at Home Depot, Target, and Sony, once again highlights the importance of InfoSec practices at any organization. Furthermore, because of this attack’s far-reaching scope, it also brings to light how truly vulnerable the internet infrastructure that we often take for granted is. Core protocols like BGP and DNS that we so heavily rely on were created in a completely different era; an era where Information Security didn’t even cross people’s minds. Those days are truly past.
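A defender-side check for the port-53 behaviour described above, as an added example that is not part of the original article: it scans flow records from an IoT network segment for devices that send DNS traffic to unapproved destinations or at flood rates. The flow format, addresses, 60-second window and rate threshold are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

WINDOW_SECONDS = 60  # assumption: each flow record summarises one 60 s window

# Constructed flow export for illustration; addresses are RFC 1918 / RFC 5737.
SAMPLE_FLOWS = """\
window,src,dst,proto,dport,packets
0,10.20.0.11,10.0.0.53,udp,53,12
0,10.20.0.12,10.0.0.53,udp,53,9
0,10.20.0.31,198.51.100.7,udp,53,48000
0,10.20.0.31,198.51.100.8,tcp,53,30000
0,10.20.0.40,203.0.113.9,udp,53,6
0,10.20.0.12,192.0.2.80,tcp,443,700
60,10.20.0.31,198.51.100.7,udp,53,51000
60,10.20.0.11,10.0.0.53,udp,53,15
"""


def find_suspect_dns_sources(flow_csv, approved_resolvers, max_pps=20.0):
    """Return {src: sorted findings} for port-53 egress that looks wrong."""
    per_window = defaultdict(int)   # (src, window) -> port-53 packets sent
    findings = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # Only TCP/UDP traffic to destination port 53 is of interest here.
        if row["dport"] != "53" or row["proto"] not in ("udp", "tcp"):
            continue
        src = row["src"]
        per_window[(src, row["window"])] += int(row["packets"])
        # IoT devices should resolve names through the site's resolvers only.
        if row["dst"] not in approved_resolvers:
            findings[src].add("unapproved-resolver")
    # A device emitting port-53 packets far above normal lookup rates
    # is behaving like a flood participant, whatever the destination.
    for (src, _window), packets in per_window.items():
        if packets / WINDOW_SECONDS > max_pps:
            findings[src].add("dns-flood-rate")
    return {src: sorted(tags) for src, tags in findings.items()}


if __name__ == "__main__":
    report = find_suspect_dns_sources(SAMPLE_FLOWS, {"10.0.0.53"})
    for src, tags in sorted(report.items()):
        print(src, ", ".join(tags))
```

Blocking outbound port 53 from device segments to anything but the approved resolvers turns the first finding into an enforced policy rather than an alert.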