Cybersecurity And Facilities Systems

By Dave Englebrick
From the August 2020 Issue

New technology and internet connectivity provide an efficient, economical way for organizations to manage their operational technologies (OT) and IoT devices remotely. As these systems, devices, and supporting networks become more connected, they also become more exposed to vulnerabilities, such as cyberattacks. A holistic, systematic assessment of the OT/IoT and IT infrastructure can identify vulnerabilities and protect the cybersecurity of the facility and the entire organization.

Know The Basics: IT, OT, And IoT

• Information technology (IT) is the use of computers to store, retrieve, transmit, and manipulate data or information. IT is typically used within the context of business operations as opposed to personal or entertainment technologies.
• Operational technology (OT) is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices.
• The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

Understand Why OT/IoT Is New Target For Cyberattacks

For years, networks that support OT have relied on proprietary protocols and software that were used for monitoring and administration of building management systems (BMS) or building automation systems (BAS). These systems were closed to the outside world and the internet, making them an insignificant target for hackers, as there was nothing to gain or destroy. In today’s world, the attack vector has changed, as we see more OT/IoT networks being connected to the internet for monitoring and remediation. As we see these systems being brought online, they are delivering smart analytics, giving organizations a single view into their systems. Opening network communication to OT/IoT, however, comes with its challenges.

OT/IoT cybersecurity involves protecting information and systems from major cyberthreats. The rate of internet connections is outpacing organizations’ abilities to secure these. The largest driver of crime will be the least protected networks and systems found in the OT/IoT world.

While many organizations have developed mature processes and controls for securing and protecting their IT networks and systems, the networks related to OT/IoT are overlooked, leaving them the perfect target for cyberthreats. Cyberattacks can inflict serious damage, and can be costly (estimated in the millions) if a breach occurs, spanning not only impact to an organization’s bottom line, but also brand reputation, long-term business viability, and even injuries or loss of life.

Traditionally, IT has been separated from OT. As we see these two worlds merging, not only are IT and OT becoming more interconnected, but both technologies are increasingly connected to the internet. As OT converges with IT, it requires an additional need for OT/IoT security.

Prepare To Assess Your Facility

When evaluating the IT and OT/IoT status of your organization’s systems, consider the following items related to common pain points.

• What is installed?
• Where are these systems located/installed?
• How are these devices segmented?
• Are vendors using default credentials?
• Are operating systems up to date with version and security patches?
• What about wireless coverage and security?

As part of your preparation, don’t underestimate the threat of ransomware, as this has become a serious concern for organizations across the country (and the world). Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid, and it is often spread through phishing or visiting an infected website. According to a December 2019 Emsisoft report¹, the U.S. was hit by ransomware attacks in 2019 that impacted at least 948 government agencies, educational establishments, and healthcare providers at an estimated cost in excess of $7.5 billion.

In 2019, ransomware attacks cost U.S. manufacturers and city and county governments $176 million related to investigation, rebuilding of networks, reputation rebuilding, and restoration of lost data—along with creation of preemptive measures to avoid future breaches. Some of the costliest attacks impacted industrial companies based in continental Europe, with six of the remaining incidents striking city government, one impacting a county government, and healthcare firms.

Start Your Assessment

An OT/IoT/IT assessment is a proactive step to mitigate cybersecurity risk. Take the following steps to get started.

Conduct scans:

• PCAP
• Wireshark
• WinPcap
• NPcap
• OT/IoT Discovery Tools

Walk the facilities:

• Validate the current inventory and update it as needed.
• Identify any abnormalities.
• Evaluate alarms.
• Look for rogue devices.
• Identify a hostile environment.
• Determine each OT device and how it is being used.
• Avoid default passwords.
• Identify if a BMS system is left open.

Then, evaluate IoT vulnerabilities using software:

• Determine whether IoT devices have default configurations.
• Scan for default credentials.
• Find default, embedded, and weak credentials across the network.
• Discover noncentralized managed devices (such as printers) that may be vulnerable to credential issues.
• Gain visibility and control over vulnerabilities on devices that are noncentrally managed.
• Develop a remediation plan.
• Build a strategy to segregate devices on the OT network.
• Standardize deployment of devices and services.
• Leverage virtual LAN(s) for network segmentation.
• Quarantine devices that are not capable of compliance with set security policies.
• Reconfigure network devices and BMS/BAS control systems and devices.

So, by all means, get that assessment done, analyze findings, develop a plan for action, identify necessary resources and people, and keep your network safe from attacks and threats.

References

¹ https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/

Englebrick is a practice manager within TEKsystems Global Services Networking and Unified Communications practice. He has more than 28 years of industry experience in design, operations, and R&D within the telecommunications realm. Englebrick has supported K-12 and higher education for 15 years, as well as the states of Kansas and Missouri. His knowledge spans from Cisco to Avaya, focusing his network discipline on design implementation.

Do you have a comment? Share your thoughts in the Comments section below or send an e-mail to the Editor at acosgrove@groupc.com.

Want to learn more about technology and facility management?

Check out more technology and facility management news in previous Facility Executive Tech & FM Columns.