In today’s manufacturing landscape, the convergence of IT (Informational Technology) and OT (Operational Technology) systems plays a critical role in driving efficiency, empowering in-depth data analysis, and optimizing operations. This integration enables real-time monitoring and facilitates well-informed decision-making by consolidating data from diverse sources. However, it also brings significant security challenges, as it expands the potential for attacks and amalgamates traditionally isolated systems. The heightened connectivity between IT and OT may create vulnerabilities that malicious actors could exploit to disrupt operational processes and access sensitive data. As a result, comprehensive and advanced security strategies are imperative to fortify these integrated environments.
When a food and beverage manufacturer experienced a cyberattack, E Tech Group’s prior IT/OT assessment and network improvements protected the facility, ensuring operational continuity and minimizing damage to the enterprise network.
Contributing author: Kevin Romer, Solutions Architect
When a food and beverage industry manufacturer faced a cyberattack, the previously implemented best practices for network architecture minimized the damage. E Tech Group had conducted a thorough IT/OT assessment for the company, based on which they also designed and installed essential network improvements. Consequently, all OT assets remained inaccessible to the attacker. The facility continued operating at full capacity while mitigating the limited damage to the enterprise network.
An E Tech Group food and beverage client recently suffered a successful breach of their enterprise network. However, because this manufacturer had previously worked with E Tech Group associates to complete the recommendations stemming from an IT/OT assessment, the attack was limited to the IT side of the network and was caught early. As a result, critical assets remained out of reach and production was not impacted.
This article discusses the networking strategies that this client implemented well ahead of the cyberattack. It then presents the timeline of events during the attack, the consequences, and the potential consequences had the network not been properly configured and secured. Finally, a great deal of network security best practice depends on keeping some information private, about both a network's structure and the security tools that guard it. For that reason, the brands of equipment installed in this facility are not identified.
A predominant high-level characteristic of the management team within this company was their forward-thinking and proactive approach. As a team, this group thrived on learning about how new technology and trends within the industry could benefit their facility, including those surrounding security.
In 2018, an E Tech Group associate assessed the facility’s network, uncovering significant vulnerabilities in its architecture. Of particular concern was the lack of proper isolation between the IT and OT networks, which posed a serious risk of allowing attackers to breach the IT network and gain access to critical infrastructure in the OT network. In response to these findings, management adopted recommended security measures, specifically implementing a demilitarized zone (DMZ) architecture as part of their proactive approach to network security.
The following list outlines some of the basic strategies for industrial network security:
This design helps to ensure that, in the event of a breach of the outer layer, the remaining layers continue to safeguard the OT network, including the industrial control systems and the critical infrastructure that depends on them. This particular manufacturer further strengthened their security posture by implementing a network threat detection engine.
Each component of the DMZ architecture and the threat detection engine is discussed in more detail below.
The OT network firewall is designed specifically to protect critical infrastructure and will typically include:
By segregating the facility’s network into distinct IT and OT domains, unique access policies can be enforced through separate domain controllers. In this specific instance, despite an attacker compromising the enterprise network, access to the OT network was effectively prevented because it operated independently within its own domain and required completely separate login credentials.
The following list outlines the sequence of events that occurred during the cyberattack at the food and beverage facility:
These measures prevented the attack from spreading to critical OT infrastructure, highlighting the effectiveness of preemptive cybersecurity strategies in maintaining operational continuity during security incidents.
Worst Case Scenario: What Could Have Been
Had this facility not prioritized implementing OT networking best practices, the outcome of this cyberattack would likely have been much worse.
Without the separation of the IT and OT domains and distinct domain controllers, the facility would have been governed by a singular domain. Upon obtaining access to it, the threat actor would have easily been able to traverse the entire network of the facility, including into the OT network. Some consequences within the OT network may have included:
Identifying the Attack Vector
The analysis completed during the remediation process revealed that the threat actor had entered the enterprise network through an incorrectly configured cloud-based server that had access to the enterprise network. They had obtained a valid username and password, allowing them to access the network. Once inside, they began gathering information about the network and its vulnerabilities.
This learning phase of a cyberattack is known as reconnaissance. It is a very common strategy used by cyber attackers to maximize the damage they inflict on the victim: the greater the damage, the more strongly the victim is compelled to pay exorbitant ransom fees to reestablish their business.
The Threat Detection Engine Identified the Threat Actor
In this breach, the network threat detection engine detected traffic that the threat actor was initiating to gather information about the backup system. This traffic, deviating from expected patterns, was flagged as an anomaly by the engine. Without the threat detection engine monitoring the network, the attackers could have remained unnoticed for a much longer period. This delay would have allowed them to gather extensive knowledge about the facility’s operations before executing a full-scale attack.
E Tech Group’s IT/OT Remediation Prevents a Hostage Situation
In conclusion, although this food and beverage manufacturer faced the challenge of a cyberattack, their proactive cybersecurity posture significantly limited the breach’s impact. By adhering to the recommendations from an IT/OT assessment, they ensured the OT network remained secure and operational, preventing any disruption to their critical infrastructure.
This case exemplifies the importance of forward-thinking security strategies in protecting vital industrial operations and maintaining business continuity amidst cyber threats. E Tech Group can identify your vulnerabilities with a thorough IT/OT risk assessment, after which we recommend, and can also perform, remediations to ensure your next experience with a cyberattack is containable and your assets are protected.
What is a domain controller?
A domain controller is a server in a Windows Active Directory domain that manages network security and enforces security policies for a network. It authenticates users, stores their account information, and controls their access to network resources such as files, printers and applications. Domain controllers play a crucial role in centralized network management, ensuring secure access and efficient administration of user accounts and permissions within an organization’s network infrastructure.
What is a firewall?
A firewall acts as the first line of defense for a network, effectively creating a barrier between an external untrusted network (such as the internet) and an internal network. It monitors and filters incoming and outgoing network traffic based on pre-determined rules to control what traffic can enter or leave the network.
In comparison to a traditional firewall, a Next Generation Firewall (NGFW) adds advanced monitoring capabilities including:
Overall, NGFWs provide robust network protection and visibility, empowering organizations to secure their networks from a wide range of cyber threats while maintaining control over application usage and network access.
What is an OT threat detection engine?
An OT threat detection engine is a specialized tool used in industries like manufacturing and utilities to actively search for and detect potential security threats in Operational Technology (OT) networks. It monitors network traffic for unusual activity, focusing on how OT devices communicate to identify unauthorized access or malicious actions. By leveraging databases of known threats, it enhances its ability to prevent issues before they impact operations. Real-time alerts enable prompt action by teams to safeguard industrial systems, ensuring they operate securely and without disruption.
Unlike a network firewall, which primarily acts as a barrier to prevent unauthorized access, an OT threat detection engine operates deeper within the OT network. It can monitor and analyze network traffic that a firewall may not see, searching for unusual or suspicious activity. While a firewall enforces access rules at the network perimeter, a threat detection engine monitors internal traffic, capable of detecting threats that slip through the firewall or originate internally.
Threat detection engines utilize advanced data analytics and machine learning algorithms to model traffic patterns and effectively identify anomalies. Unlike firewalls that rely on static rules, threat detection engines adapt based on evolving threat intelligence, enhancing their ability to detect emerging threats. They generate alerts and provide detailed information to support the mitigation process during an attack, ensuring proactive defense measures can be implemented swiftly.
What is a jump box?
In IT/OT networking, a jump box is a secure computer acting as the sole entry point into the isolated OT network. Users must connect to the jump box first before accessing critical infrastructure within the OT network. Access to the jump box is tightly regulated using advanced security measures including multi-factor authentication and strict access controls. Authorized users who successfully authenticate through the jump box are granted access to manage and interact with devices and servers on the OT network. By serving as the exclusive gateway, the jump box minimizes the risk of successful cyberattacks entering the highly sensitive OT network.
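As an added illustration, not E Tech Group's code nor any vendor's detection engine, the following Python sketch models the two controls credited in the case study: the zone design in which IT traffic never reaches OT directly and only the jump box may open sessions into OT (the firewall and jump box sections above), and a baseline-and-deviation detector of the kind described in the threat detection engine section, run over a constructed flow log in which a domain-joined host starts probing the backup server. The address plan, zone matrix, flow-record format, watched hosts and port-scan threshold are all assumptions made for this example.

```python
from ipaddress import ip_address, ip_network

# Hypothetical address plan for the three zones (constructed for this example; the
# article deliberately does not publish the facility's addressing or vendors).
ZONES = {
    "IT": ip_network("10.1.0.0/16"),
    "DMZ": ip_network("10.2.0.0/24"),
    "OT": ip_network("10.3.0.0/16"),
}
JUMP_BOX = ip_address("10.2.0.10")         # only host allowed to open sessions into OT
BACKUP_SERVER = ip_address("10.1.5.20")    # enterprise backup system (IT zone)
DOMAIN_CONTROLLER = ip_address("10.1.1.10")

# Zone pairs the DMZ design permits. IT->OT is deliberately absent: OT is reached
# only through the DMZ, and from the DMZ only by the jump box (checked separately).
ALLOWED_ZONE_PAIRS = {
    ("IT", "IT"), ("DMZ", "DMZ"), ("OT", "OT"), ("IT", "EXTERNAL"),
    ("IT", "DMZ"), ("OT", "DMZ"), ("DMZ", "OT"),
}


def zone_of(ip):
    """Map an address to its zone; anything outside the plan is EXTERNAL."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "EXTERNAL"


def parse_flow(line):
    """Parse one constructed flow record: '<time> <src> <dst> <dport> <proto> <bytes>'."""
    ts, src, dst, dport, proto, nbytes = line.split()
    return {"ts": ts, "src": ip_address(src), "dst": ip_address(dst),
            "dport": int(dport), "proto": proto, "bytes": int(nbytes)}


def zone_policy_violation(flow):
    """Return a reason if the flow crosses zones the design forbids, else None."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if (src_zone, dst_zone) not in ALLOWED_ZONE_PAIRS:
        return f"{src_zone}->{dst_zone} is denied by the zone design"
    if dst_zone == "OT" and src_zone == "DMZ" and flow["src"] != JUMP_BOX:
        return "only the jump box may originate sessions into OT"
    return None


class BaselineDetector:
    """Learns which (src, dst, dport) triples are normal during a quiet window, then
    flags unseen triples toward watched hosts and bursts of distinct ports from one
    source to one destination (the shape of reconnaissance against a backup server)."""

    def __init__(self, watched_hosts, scan_threshold=3):
        self.watched = set(watched_hosts)
        self.known = set()       # baseline triples
        self.ports_seen = {}     # (src, dst) -> distinct dports in the detection window
        self.scan_threshold = scan_threshold

    def learn(self, flow):
        self.known.add((flow["src"], flow["dst"], flow["dport"]))

    def check(self, flow):
        """Return the list of alert reasons for this flow (empty if it looks normal)."""
        reasons = []
        triple = (flow["src"], flow["dst"], flow["dport"])
        if flow["dst"] in self.watched and triple not in self.known:
            reasons.append(f"unexpected {flow['src']} -> {flow['dst']}:{flow['dport']} (not in baseline)")
        ports = self.ports_seen.setdefault((flow["src"], flow["dst"]), set())
        ports.add(flow["dport"])
        if len(ports) == self.scan_threshold:   # fires once, when the threshold is crossed
            reasons.append(f"{flow['src']} probed {len(ports)} distinct ports on {flow['dst']}")
        return reasons


# Constructed quiet-window traffic: scheduled backup, logon, jump-box and historian sessions.
BASELINE_FLOWS = [
    "08:00:01 10.1.1.10 10.1.5.20 445 tcp 820000",   # DC -> backup server (backup agent)
    "08:00:05 10.1.20.15 10.1.1.10 88 tcp 1400",     # workstation Kerberos logon to the DC
    "08:02:00 10.2.0.10 10.3.1.50 3389 tcp 90000",   # jump box -> OT engineering workstation
    "08:03:00 10.3.1.5 10.2.0.20 4840 tcp 12000",    # OT OPC UA server -> DMZ historian
]

# Constructed detection-window traffic with the intruder's reconnaissance mixed in.
INCIDENT_FLOWS = [
    "02:10:01 10.1.1.10 10.1.5.20 445 tcp 790000",   # normal backup traffic
    "02:14:10 10.1.1.10 10.1.5.20 3389 tcp 4000",    # DC -> backup server on a port never baselined
    "02:14:20 10.1.20.77 10.1.5.20 445 tcp 300",     # unknown workstation touches the backup server
    "02:14:21 10.1.20.77 10.1.5.20 135 tcp 300",
    "02:14:22 10.1.20.77 10.1.5.20 22 tcp 120",
    "02:15:00 10.1.20.77 10.3.1.5 502 tcp 200",      # attempt to reach a PLC straight from IT
    "02:16:00 10.2.0.20 10.3.1.5 502 tcp 200",       # DMZ historian opening a session into OT
]


def run_detection(baseline_lines, incident_lines):
    """Train on the baseline, then return (time, src, dst, reason) alerts for the incident window."""
    detector = BaselineDetector(watched_hosts=[BACKUP_SERVER, DOMAIN_CONTROLLER])
    for line in baseline_lines:
        detector.learn(parse_flow(line))
    alerts = []
    for line in incident_lines:
        flow = parse_flow(line)
        reasons = detector.check(flow)
        violation = zone_policy_violation(flow)
        if violation:
            reasons.append(violation)
        alerts.extend((flow["ts"], str(flow["src"]), str(flow["dst"]), r) for r in reasons)
    return alerts


if __name__ == "__main__":
    for alert in run_detection(BASELINE_FLOWS, INCIDENT_FLOWS):
        print(*alert)
```

Running the script lists seven alerts: the normal backup transfer passes silently, the domain controller's new port toward the backup server and the unknown workstation's three probes are reported as deviations from the baseline (the third probe also trips the port-burst rule), and the two attempts to reach the PLC are rejected by the zone policy rather than by learned behaviour. That split is the point the article makes: the firewall and jump box enforce a static design, while the detection engine catches activity that is permitted by the rules but outside normal patterns.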
Examples of unusual, suspicious transactions between the domain controller and back-up system may include:
What is exfiltration of data?
During a ransomware attack, it’s common for data from the system to be exfiltrated. The process of exfiltration involves the transfer of sensitive or confidential information or data off the network to a location under the control of the threat actor. This data breach can have wide reaching impact, including the loss of:
Cyber Attackers Want to Maximize Damage, IT/OT Remediation Will Minimize Damage
A modern cyberattack will typically go through distinct phases as the attacker moves from reconnaissance to gaining access and then to full-scale execution of the attack. It may be several months before the actual attack occurs, as the threat actor will spend this time learning everything they can about the company, their operation, their process, and their network structure.
During each phase, an attacker may use a variety of network analysis tools to better understand the victim’s facility, associated vulnerabilities, location of sensitive data, and best means of data exfiltration. The learning phase allows an attacker to strategize the best approach to disrupting a facility.
In a previous article, we argued for the importance of cybersecurity to manufacturers as process automation becomes more integral to success and cyberattacks become more and more common. It included alarming data about the rising frequency of attacks on critical infrastructure and the large costs associated with them.
Manufacturers must continue to evaluate, manage, and secure their networks, and consequently their vital assets, even as they strive to reap the benefits of digitalization. An IT/OT assessment of your facility's assets is the perfect place to start.
E Tech Group © 2024 | All Rights Reserved.