Protecting HMIs from ransomware threats

When it comes to on industrial cyber security issues, a good backup is the best defense. This is especially true as companies are being targeted more and more by ransomware threats from hackers.

04/14/2016


When it comes to on industrial cyber security issues, a good backup is the best defense. It is the one activity that increases automation system robustness against hardware failures as well as internal and external cyber threats. This is especially true with the backups of the databases associated with an automation system human-machine interface (HMI).

The cyber threat landscape changes daily. One increasing threat that you have surely heard of in the main stream media is ransomware. This attack essentially finds files that might have value, encrypts them and then asks for money for the key. This attack is not initiated by the idle teenage hacker. Many of the purveyors behind this kind of attack have 24/7 staffed call centers, sophisticated software distribution schemes, and easy methods to accept Bitcoin payment. If you pay them it is quite likely that you will get the data back. If ransomware routinely destroyed data, why would anyone pay? That's bad for business.

Hospitals are the latest targets of this kind of attack for a couple of reasons. First, they have a lot of valuable and sensitive data, which because of healthcare privacy laws, is not always backed up or duplicated. Since the data is not removed from the hospital servers they aren't required to report it as a breach. This allows everyone to keep it hush-hush. Even the U.S. Secret Service suggests that an owner just pay up and that in the future they invoke better network security and backup procedures. How does this relate to industrial control systems?

Like hospitals, many HMI databases are not routinely backed up. These databases which manage point data (status, values, etc.) are likely derived from commercial off-the-shelf (COTS) software and are exactly what the people behind the Ransomware are looking to encrypt. Imagine one day all the operator stations lock up. When you go check the server, you see a little window that asks for the key to unlock the database for only $2,000 in Bitcoin.

While plants might not seem like something that would be specifically targeted, ransomware is commercially available (remember: it's a business) and there are a lot of purveyors who love this business model. With so many players, it is indeed possible that a plant's system be unintentionally exposed to this type of threat through a USB memory stick, service laptop, or a leaky firewall.

All is not lost, however. If the plant has a recent backup, then all the plant has to do is run a malware removal tool and reinstall the database from the backup made the previous month. 

After this is done, most security professionals suggest the following steps to make future attacks less likely:

  • Monitor for failed logins on your servers
  • Strong passwords for the service accounts (20 characters or more)
  • Password-protect the backups.

Can't find that backup? "Brother, can you spare some Bitcoin?"

This post was written by Bruce Billedeaux. Bruce is a senior consultant at Maverick Technologies, a leading automation solutions provider offering industrial automation, strategic manufacturing, and enterprise integration services for the process industries. Maverick delivers expertise and consulting in a wide variety of areas including industrial automation controls, distributed control systems, manufacturing execution systems, operational strategy, business process optimization and more.

Maverick Technologies is a CSIA member as of 4/12/2016 



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Big Data and IIoT value; Monitoring Big Data; Robotics safety standards and programming; Learning about PID
Motor specification guidelines; Understanding multivariable control; Improving a safety instrumented system; 2017 Engineers' Choice Award Winners
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Big Data and bigger solutions; Tablet technologies; SCADA developments
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
click me