We have seen the issue ourselves: A malware attack crosses the bridge from your network PCs to the controllers in your industrial machines. Your shop floor comes to a halt until you can recover. The effort is painful as you deal with embedded and stand-aside controllers running out-dated versions of Windows, limited network options, and compatibility issues.
The risk is so great, that ZDNet is reporting that the world’s largest and most well-known hacking contest, Pwn2Own, will focus on software for industrial equipment. Reflecting the reality of current threats, the sponsoring organizations and the “white hat” hackers themselves see an urgent need to bring the issue of protecting your industrial equipment to the forefront.
Fortunately, best practices can help protect your operations.
While it is not always possible to protect your industrial equipment with “next gen” endpoint protection, you can take steps to protect yourselves from potentially devastating attacks and accidents.
- The network on which your production systems run should be physically or logically separate from other networks — office, voice, etc. — running in your business.
- Unless the equipment needs to communicate with the manufacturer, cloud-based systems, or other locations, the production systems network should not have paths to the outside world.
- If the equipment needs to communicate externally, setup secure VPNs for all traffic.
- Whenever possible, update and maintain your industrial systems to run current versions of the manufacturer’s software and the underlying operating system. Too many production machines are running obsolete versions of Windows that cannot be secured from attack.
- Before moving any software or programming to a system, explicitly scan the files for malware.
- Communicate with your employees about the risks and steps they can take to prevent a cyber attack to your industrial equipment as well as their computers and other devices.
Please contact us for more information or to assess your risk and discuss solutions.