Our Top Ten Greatest Hits from 2016

1. Your Front Door is Bolted, but the Back Window is Wide Open: OT Cyber Security Webinar

You’ve set up a firewall. Hired a CISO. Bought Palo Alto.

Maybe you’ve even added an assessment from a large consulting group. Those action items and checked boxes are giving you a sense of security, a plan. But the problem is, it’s a false sense of security. You still haven’t protected your operational technology and that’s a huge problem.

According to the HIS technology report, “Industrial IoT 2014,” less than half of Internet-connected devices are above the firewall. More than half are actually below it– in the operational technology (OT) underbelly.

Imagine a house with a bolted front door and a state-of-the-art home security system out front. It may seem secure, but the back window is wide open, curtains billowing in the wind– leaving it vulnerable to outside threats.

Your cyber security plan is no different. Ignoring operational technology cyber security is like leaving the back window or door wide open.

Watch this on-demand webinar to hear two operational technology experts from the Gray Matter team address the major vulnerabilities and how to overcome them.

Watch the Webinar

2. Taming the Complexity of a Digital Era

There are now more computing devices in the world than there are people.

According to the United States Census Bureau, the world’s population is made up of 7.3 billion people, and growing steadily. In fact, their online population clock tracks each new addition like a live, ticking scoreboard. But the bureau isn’t the only organization counting new life.

The mobile analysis firm GSMA Intelligence has a similar, real-time dashboard that tracks new mobile connections.

With close to 7.8 billion SIM cards operating in the world right now, mobile devices are coming online faster than people are being born.

But what actually pushes this figure past the world population is the growing number of active machine-to-machine connections– M2M connections like cars, medical appliances and industrial infrastructure.

Read More

3. The Road Map You Need Before a SCADA Update

Imagine agreeing to a road trip with a driver who refuses to use directions.

No GPS, no folded-up paper map, and certainly no stops to ask for directions, just an open road stretching out into a giant question mark.

“I’ll wing it,” the driver might say. “We can figure it out as we go along.” 

Chances are, you’re not going on this one.

You wouldn’t agree to an aimless road trip, and you wouldn’t trust your surgeon to improvise an operation. You wouldn’t want your operators on the plant floor to just wing it.

So why risk a SCADA upgrade by skipping the system assessment?

Read More

4. What’s Your Industrial Cyber Security Score?

A client in operational technology recently told us their rate of cyber incidents was 200 attacks per month three years ago – now it’s 2,000 attacks in four hours. To get ahead in cyber security, the first step is finding out what you don’t know.

This cyber challenge is designed to pose important, valuable questions to your cyber strategy. You’ll find out just how much you currently know and don’t know about your own system.

Nobody has all the answers, but you can gain valuable insight into your own operations and strategies. Take our cyber challenge and you’ll receive your own knowledge level based on your score.

Are you up to the challenge?

Take the Challenge

5. The Cyber Security Guide for Operational Technology

The expansion of the Industrial Internet is leading to the need for specialized cyber security tools to protect operational technology.

Securing your information technology (IT) is a good and important step in business, but don’t forget about locking up the systems we rely on most in manufacturing, energy and water – the operational technology.

Billions of sensors are being rolled out rapidly as the Industrial Internet expands. The devices for operational technology are very different than those found on information technology networks and they need specialized technology to protect them. 

Download the guide for a comprehensive understanding of security in the OT world including top vulnerabilities. The guide walks you through the first steps in knowing what’s on your network and has specific advice about the assessment process from our top cyber security consultants.

Download the Guide

6. Gray Matter Systems Talks Technology on TechVibe Radio

Gray Matter Systems CEO, Jim Gillespie, appeared on the TechVibe podcast on Sept. 9, 2016 to talk about Gray Matter’s role in the emerging technology scene in Pittsburgh.

7. What Pokemon Go Taught Me About Augmented Reality For Industrial Environments

Gone are the days of playing a Game Boy by streetlight on family car trips. Today’s budding gamers will never know the struggle of frantically searching for new AA batteries to play the newest game, just bought with carefully saved allowances and chore money.

In fact, with Nintendo’s newest advancement in gaming technology, mothers everywhere will soon be pushing their kids to “go outside and play video games.” I am, of course, referring to the gaming company’s newest fad, Pokémon Go, which has taken seasoned and new gamers alike by storm.

The game relies on augmented reality, or AR, a sect of technology that employs the physical world as a base for overlaid, digital images. Pokémon Go, however, represents more than just a technological advance applicable to those who “gotta catch ‘em all!”

In a recent article from GE Reports, Marco Annunziata, Chief Economist and Executive Director of Global Market Insight at GE, surmises the gaming application’s role concerning how we think about big data and the industry.

Read More

8. Digitizing Standard Operating Procedures to Ensure Safety, Security & Compliance at Orlando Utilities Commission 

Whether you’re a seasoned veteran of the water/wastewater industry or not, imagine the intense smell from an overly chlorinated pool on a hot summer day. The kind of smell that burns your nose and turns your eyes red.

Now multiply that reaction by 5,000 and that only begins to illustrate the potential danger water operators can face when dealing with chlorine leaks or spills in a utility.

For municipalities across the country that deal with potentially hazardous chemicals on such a frequent basis, like Orlando Utilities Commission (OUC), keeping operators safe is the top priority. 

Today’s forward-thinking utilities like OUC are using technology to keep their operators safe in these kind of situations. That technology, in the form of sophisticated software, is also helping utilities improve operations.

Download the White Paper

9. Trout Fishing and Automation: They Have More in Common Than You Think

The first thing one notices about trout fishing in western Pennsylvania on a clear April morning is the stunning, unnerving calm.

It’s a serenity that commands respect. It forces grown men to creep along its pathways like children sneaking downstairs on Christmas morning. If they talk, they only do so in a whisper.

There’s a lot of art in fishing—especially fly-fishing—but there’s a fair amount of science involved too. 

Knowing the best time of day and what bait to use can mean the difference between winning and losing.

While it might sound simplistic, that’s pretty much the way applying automation and technology to oil and gas operations works. The more data an operator collects on its surroundings and the better it knows the environment, the better chance it has of being successful.

Read More

10. Oil Insider Top Three Issues in the Boardroom 

Pricing in the oil and gas industry is extremely volatile.

It’s leaving industry decision makers with little time to lose. They need the right technology, in the right place, immediately. Their people have to be better at their jobs today than they were yesterday. Every decision counts and if one move is a few days late, it could cost millions.

Gray Matter Systems CEO, Jim Gillespie is familiar with helping oil and gas executives to solve the biggest problems facing their companies. He says the first issue circulating in oil and gas boardrooms everywhere is getting data from many different sources all on one display. It’s commonly referred to as the “single pane of glass.”

Read More

Surprise: Your Control Network is Connected to the Internet

That Awkward Moment

It happens daily.

A company is investigating a cyber security breach. Word of the breach gets out and suddenly their brand, reputation and trade secrets are all at stake.

It’s a really awkward moment and a PR nightmare. I read the quotes and calming explanations from communications executives that despite the breach often say — don’t worry — our systems are not connected to the Internet or any external network. Are they sure? How sure?

When we test cyber vulnerabilities at some of the biggest manufacturing and energy companies and water utilities, it’s surprising how many internet and external connections exist that top security leaders didn’t know about. We start the assessment and within seconds the room is silent.

Surprise, your control network is connected to the Internet.

Getting on the Same Operational Page

Part of the solution is making sure all members of your team are on the same page.

In many cases all your cyber security planning has secured the information technology (IT) side, while at the same time your oper­ational technology (OT) is left wide open and it’s a dangerous gap.

According to the HIS technology report, “Industrial IoT 2014,” less than half of Internet-connected devices are above the firewall. More than half are actually below it– in the operation­al technology (OT) underbelly.

Imagine a house with a bolted front door and a state-of-the-art home security system out front. It may seem secure, but the back window is wide open.

Your cyber security plan is no different. Ignoring operational technology cyber security is like leaving the back window or door wide open.

Corporate IT is significant and needs to be protected. It’s your emails, financials, documents and passwords. Protecting this sensitive information is imperative.

OT is a whole different level.

Operational technology is the hardware and software used to control all your industrial processes. These are the critical systems that clean water, make food and produce energy. If they’re attacked, the results can be dangerous and lead to power outages, environmental damage and even loss of life.

While spending for IT protection has increased, OT spending is often secondary, creating huge vulnerabilities.control network connected internet

In the past, OT systems were separate from IT but as interconnectivity spreads they’re becoming increasingly integrated.

OT can now be reached through IT and it’s becoming more susceptible to network attacks.

Not long ago, hackers caused major damage at a steel mill in Germany. They came in through the IT side, but after stealing logins through email were able to access the mill’s control systems. Now that hackers were on the operational technology (OT) side, the IT protection in place was no longer helping.

This led to parts of the plant failing, causing a furnace blast and significant damage.

Specialized software created by the hackers was used to oversee and administer the plant.

In the aftermath, software developers and digital analysts said they “didn’t expect a nuclear power plant or steel plant to be connected to the Internet.”

Depending on who you’ve hired to run security, they may fall on the IT side, OT side or somewhere in between. It’s imperative they know the operational technology side as well.

Knowing the tools and systems on the operational side takes a very special skillset.

The nature of devices on the OT network are different than those commonly found on IT networks. We’re talking about PLCs, RTUs, SCADA servers, Historian servers, data concentrators, etc.

Some legacy PLCs are equipped with built-in webservers. As a result, it’s important for us to understand not just what is on your OT network, but also how it’s behaving. Using “active” monitoring devices on an OT network can not only disrupt communication timing, but can lock up OT devices like PLCs.

In some cases, you may want to organize the OT network so that only a select set of devices can communicate to other sets of devices.

A key takeaway from a recent Department of Homeland Security conference on cyber security for op­erational technology ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) was to first take inventory of all your connected devices digitally (or manually) to trace every connection.control network connected internet

This directive is for public/government utilities, private manufacturing and energy companies. Home­land Security advises mapping all the devices to determine where you currently have undocumented connections and to understand your overall risk.

A digital inventory is recommended as long as it is passive and does not actively ping or ask the OT devices for information.

Big Things are at Stake

The rapid growth of the Industrial Internet of Things (IIoT) is changing the game on all of this. As billions of sensors are being shipped that incorporate IIoT technology, knowing what is on your OT network is critically important.

Given the high likelihood that your OT network will grow, you might want to ask your team:

Are you truly confident that you know everything that’s plugged in or connected wirelessly to everything else on the network? How often have you or someone on your team traced every run from switch to device either manually or digitally?

Big things are at stake, so it’s important to be honest as you answer those questions.

Take The Cyber Challenge

Nobody has all the answers, but you can gain valuable insight into your own operations and strategies.

The cyber challenge is designed to pose important, valuable questions to your cyber strategy. You’ll find out just how much you currently know and don’t know about your own system.

Take our new Industrial Internet Cyber Security quiz and share the results with your team. Who had the best scores?

Take the Challenge

 

Contact GrayMatter

Get in touch with us!