TechHub: Industrial Hacks, Automated Cars and Smart Elevators

Top cyber security conference kicks off with water treatment plant hack

In case you couldn’t make it, we’ve got updates from one of the world’s largest security events happening this week in San Francisco, CA.

The RSA Conference gathers the industry’s top security and technology leaders and pioneers, including a Gray Matter cyber security consultant, promoting a forward-thinking global community to foster innovative ideas and new approaches to inspire and empower the industry.

The FBI Cyber Division recruitment booth at the RSA Conference 2017.

The event featured keynote speakers such as a defense intelligence officer for cyber at the Defense Intelligence Agency, senior cryptographer at Microsoft Research, director of information security at Google, a senior security engineer for Fitbit and more.

This year, it started off with a bang, kicking off with an intentional ransomware attack on a water treatment plant launched by researchers at the Georgia Institute of Technology.

According to Nextgov, a National Journal Group, the attack successfully shut down valves, adjusted chlorine levels and falsified readings.

This demonstration highlighted the increasing fear of malware attacks on utility companies, much like what’s been happening to power plants, banks and others.

Industrial control systems are becoming increasingly vulnerable, and are oftentimes connected to the Internet without intention.

To get ahead in cyber security, the first step is finding out what you don’t know.

Take our cyber challenge to test your knowledge and find out what you know — and don’t know — about your own system.

Ford’s Billion-dollar self-driving car deal creating 200 high-tech jobs by end of 2017

This week Ford announced a partnership with Argo AI, investing in the company to create an engineering and test center for self-driving cars in Pittsburgh, PA.

Argo AI is run by alumni of the Carnegie Mellon National Robotics Engineering Center and specializes in development of artificial intelligence. They are looking to work with Ford to develop autonomous vehicles by 2021, according to Trib Live media group.

It’s estimated that the partnership will add 200 high-tech jobs in Pittsburgh, Michigan and California by the end of the year – amounting to over 1,000 jobs within the next five years from the Ford deal, according to Allegheny County Executive Rich Fitzgerald in Trib Live.

Uber has already been testing self-driving cars in Pittsburgh since 2016, according to Wired, where pre-selected Uber users within a 12-square-mile radius of downtown have the option of riding in one of the autonomous vehicles — with a human engineer behind the wheel, naturally.

“Pittsburgh continues to make global headlines on this growing industry,” said Bryan Salesky, Argo AI CEO. “Which stems from the hard work and brainpower of our friends at Carnegie Mellon and the many industries they continue to seed and grow throughout our region.”

Partners in Global Alliance and Digital Enterprise

The GE Global Partner Summit, hosted by GE Digital in Napa, CA, features premier alliances, all committed to supporting the growing industrial data marketplace.

Starting on Tuesday, the summit showcased the newest technologies and innovations in the industry. Not an alliance partner? Don’t worry — Gray Matter was there to help bring you up to speed.

The buzz of the event was success stories in digital transformations.

“The world needs a system to take industrial data from the edge and move it to the cloud,” said Harel Kodesh, Vice President of Predix and Chief Technology Officer of GE Digital.

That system is Predix.

Predix is an operating system for the Industrial Internet that connects industrial equipment, analyzes data and delivers real-time insights as a result.

Four themes of Predix were outlined throughout the summit: scale the platform, support the digital twin, edge-to-cloud platform and advance developing experience.

Predix has been implemented for various issues, including elevator safety.

Imagine you’re stuck in an elevator, alone. Who will know you’re in there and come to save you?

The solution is connected elevators.

By using GE Digital’s Predix software, Huawei Technologies developed IoT-enabled elevators, reducing operational and maintenance costs by detecting potential risk immediately and in turn improving passengers’ safety.

GE Digital’s partnership with Gray Matter Systems is a part of their growing industrial ecosystem. The goal is to help companies undergoing digital transformations in every industry.

In the two-minute video spotlight with Gray Matter CEO, Jim Gillespie, GE focuses on the journey of two Gray Matter customers, Procter & Gamble and Anadarko.

Ransomware: Expanding into the Industrial Internet

The Dark Side of the Industrial Internet

Ransomware attacks are no longer just a threat for IT companies, but are rapidly creeping in and causing damage to the world of industrial infrastructure.

With a 300-percent increase from 2015 to 2016, ransomware attacks now amount to over 4,000 daily, making ransomware the fastest-growing malware threat, according to the FBI.

Ransomware blocks access to data within a computer system or network until a sum of money is paid, often in the online currency bitcoin.

Our partners at CyberX, a cybersecurity company focusing on OT networks and industrial infrastructures, reported that KillDisk malware has evolved into ransomware, transitioning from destroying data to encrypting it and then demanding a bitcoin ransom for the data to be returned to the user.

IT Locked Up, OT Wide Open

Disk-wiping malware previously used in cyber attacks responsible for disruptions within the Ukrainian power grid has found its way into the industrial domain.

In this incident, a control center worker for the power grid noted that his cursor started controlling circuit breakers on his screen, when he wasn’t touching it.

After changing the operator’s passwords and locking him out of the system, the hackers took an entire substation offline, which escalated to shutting down many more as he helplessly watched.

Much like what happened in Ukraine, this malware is being distributed through office email attachments, leaving hard drives and network-mapped folders encrypted and information stolen.

Industrial networks are commonly targeted due to the economic incentive, as well as the problematic situation an attack creates for companies. Not only does it put the data at risk, but it can also cause damage to production.

This is a prime example of companies locking their information technology (IT), but leaving their operational technology (OT) systems too exposed.

Download the free Cyber Security for OT guide from Gray Matter Systems and read more about securing the OT side.

Preventing Cyber Attacks

So what’s the most effective method of protection?

Prevention. Protecting SCADA networks is key to fighting cyber attacks.

By performing risk assessments on OT networks for vulnerable HMIs, Industrial Firewalls, PLCs and IIoT devices, vulnerabilities in the network are easily identified and fixed.

Had the power grid workers been required to log into the SCADA and data acquisition networks by using two-factor authentication, this may have been prevented.

By putting the correct policies in place within OT systems, organizations can better ensure that systems are worked on safely and securely.

Take the Cyber Challenge

How much do you know, or not know, about your own OT systems?

Take our Industrial Internet Cyber Security quiz and gain valuable insight into your own operations and strategies.

Cybersecurity Fears Prompt the Navy to Navigate by the Stars Again

At a time when technologies such as smart fridges, self-driving cars, and 3D printing are the norm, the United States Naval Academy is beginning to teach celestial navigation once again, according to the Capital Gazette.

The practice fell out of use about 20 years ago, thanks to advances in radio wave and GPS navigation. But it’s not nostalgia that’s making the Annapolis school teach the outdated navigation once again. It’s cybersecurity qualms.

The fear of cyber attacks has the Navy running back to the technique, using instruments to measure the angles between astronomical objects: stars, planets, asteroids.

For now, it’s just a three-hour course covering the basics. But it’s a start.

“We went away from celestial navigation because computers are great,” said Lt. Cmdr. Ryan Rogers, the deputy chairman of the academy’s Department of Seamanship and Navigation. “The problem is,” he added, “there’s no backup.”

In the 1990s, the Air Force launched two dozen satellites nearly 13,000 miles above Earth– changing the way the Navy navigated vessels forever. And while Rogers said that using this GPS is much more accurate, the risk of cyber vulnerabilities is becoming greater.

The Navy isn’t alone in their fear of cyber attacks. A survey of more than 1,100 business decision-makers revealed that 53% feared data risks, cyber attacks and viruses.

Plus, The Daily Beast published an article with a chilling headline that reads, “Cybersecurity expert: Be afraid, America, be very afraid.” The cybersecurity expert referenced there is Joseph Weiss, author of the book Protecting Industrial Control Systems from Electronic Threats, who has more than 40 years in the energy sector.

Weiss warns that cyber threats, while ruinous when it comes to identity theft, are most destructive when it comes to industrial control systems.

“These ubiquitous hidden computers have gradually and quietly been put in charge of all manner of critical infrastructure—including nuclear power plants, the grid, water and gas pipelines, refineries, air traffic control, trains, factories, you name it,” said Weiss.  

Here’s a couple of other notable stories from this week:

IoT in Energy Sector Worth $22 Billion by 2020

Metering & Smart Energy reported that the Internet of Things (IoT) in the energy market is expected to reach about $22 billion by the year 2020– growing at a compound annual growth rate (CAGR) of 24.1%.

The report further segments the global IoT market into network technologies, services, applications and region.

When used for energy-related purposes, the IoT “is primarily aimed at achieving the integration of machines and intelligent data analysis to enhance the operational efficiency targets being set by energy companies,” according to the report.

SCADA Market to Benefit from Oil & Gas Demand

Speaking of reports of growth, a report from this year projected the supervisory control and data acquisition (SCADA) market to expand at a CAGR of 5% by 2020.

The global SCADA market is divided into electrical power, water and wastewater, oil and gas, transportation, chemicals, pharmaceuticals, and food and beverage.

According to this Transparency Market Research (TMR) report, this growth is due to an elevated demand for SCADA from the oil and gas industry. Factors like the accelerated demand for process automation and the threat of cyber attacks affect this demand.

A Multiskilling Approach to Oil & Gas

Schlumberger, the massive oilfield services company, released third quarter results on Thursday that continue to show challenges in the industry, leading them to take a “conservative view on 2016 E&P spending.”

CEO Paal Kibsgaard warns that recovery now seems to be delayed. But in the process of announcing these challenges, Kibsgaard coined a new term called multi-skilling, according to an article by Joseph Treipke published on OilPro.

If you haven’t guessed already, the gist of the concept is that with a little investment in re-training, one skilled worker could do the job of two, even three skilled workers. While Schlumberger may be the first to vocalize this idea, they’re not necessarily the first in the oil and gas industry using this strategy amid low oil prices.

Still, Treipke argues that multiskilling “isn’t necessarily a euphemism for more work, less pay.” The hope is that multiskilled employees improve oilfield efficiency, but it could be dangerous when it comes to putting significant pressure on one engineer to do the job of two or three.

Media We Link To:

“Seeing stars, again: Naval Academy reinstates celestial navigation” – The Capital Gazette 

“America’s Businesses Vexed by Medical, Legal, Tech Risks: Survey” – Insurance Journal

“Cybersecurity Expert: Be Afraid, America. Be Very Afraid” – The Daily Beast

“Internet of Things in energy sector worth US$22bn by 2020” – Metering and Smart Energy

“Global Supervisory Control and Data Acquisition (SCADA) Market to Benefit from Elevated Demand from Oil and Gas Sector” – Automation.com

“Schlumberger Implements A “Multiskilling” Approach To Jobs As CEO Sees Downturn Continuing” – OilPro

ICYMI: IoT Opportunities, Cyber Security Insurance, Hacking iOS9 and More

The IoT is Staring at You in the Face

While it seems buzzwords like the Internet of Things (IoT), the Industrial Internet, and Big Data are dropped everywhere these days, many manufacturers are still nervous to actually put the IoT into practice.

Mike Hitmar, a senior industry adviser in manufacturing, had this to say to these hesitant manufacturers and decision-makers in a recent article for Industry Week: “Don’t make it more complicated than it needs to be.”

Hitmar argues that making the case for the IoT is actually right in front of you– on the production floor.

“Those expensive machines sitting on the production floor? They’re loaded with data-generating sensors poised to turn mundane operational and maintenance data into strategic breakthroughs,” said Hitmar. 

According to research from Gartner, 40% of companies believe that the IoT will have a significant impact over the next three years. Yet, only a small amount of them have actually put systems into production that draw from the IoT.

Photo courtesy, Alex – Flickr/CC

As Hitmar brings up, one of the simplest systems to implement is also one that delivers some of the most ROI: predictive maintenance analytics.

Imagine being able to schedule a critical asset failure – or being able to pinpoint the exact day, even hour it happens on a calendar. Think about how this can save you an enormous amount of lost revenue.

Finally, Hitmar said that the IoT honestly shouldn’t even be news– after all, “manufacturers have decades of experience using machine sensors to ensure equipment operates as expected.”

Using Big Data to Classify Mood Disorders

Researchers at the University of Buffalo recently received a National Science Foundation (NSF) grant to use big data in the development of a new approach for the classification of mood disorders, according to a recent article in News Medical: Life Sciences & Medicine.

The research is said to provide more effective outcomes for psychiatric patients with mood disorders. Their goal is to incorporate big data in the methodology and visualization tools to cluster patients with the disorder.

Photo courtesy NEC Corporation of America

“Existing approaches often break or are inappropriate in big data settings for several reasons,” Rachel Hageman Blair, assistant professor and one of the researchers explains. “There is not a one-size-fits-all approach even for well-behaved data sets. Bringing together different methods under a single umbrella with strong visual interpretations holds value for a clinician.”

The researchers said that previous labels are no longer accurate because they simply don’t integrate all available data, something they want to change with their project.

Do We Need Our Own Cyber Security Protection Plan?

Data breaches at large entities like retail stores, banks, or government agencies have led many into cybersecurity solutions and programs. But does this mean we need our own, individual cyber security plan as an everyday citizen?

Priya Anand of The Wall Street Journal discussed the possibility in a recent article. 

Anand said that many homeowners’ insurance policies do additionally have identity-theft coverage– which might include anything from credit monitoring to a case manager on stand-by to help with the aftermath. Of course, some companies are now starting to push consumer cyberprotection.

“They’re [consumer cyberprotection companies] offering home-security audits and checking whether computer systems are hack-proof,” said Anand. “The pitch is that individuals with investments and sensitive data they access on home and mobile systems may be more vulnerable than they think.”

And Avivah Litan, a security analyst at Gartner Research asserted that those who have millions in “investible assets” should ultimately consider what is being offered at their banks or brokerages in terms of cyberprotection. She also said it’s important to simply weigh the odds– how much of a “drop” can you afford?

$1 Million Offered to Hack iOS9

Photo courtesy Yanki01 of Flickr/CC

Speaking of cyber security, Apple offered this week a $1 million bounty for jailbreaks of their newest version of iOS. Jailbreaking refers to getting around security restrictions enforced by Apple to install applications that aren’t authorized or distributed in the official app store.

Zerodium, an exploit acquisition company, promises to shell out a million big ones to researchers who can provide it with an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices,” said Lucian Constantin, PC World.

The company is only interested in reliable and silent exploits– they must not require any user interaction except for accessing a Web page or reading a simple text.

“Eligible submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits (aka zero-days) which are combined to bypass all iOS 9 exploit mitigations including: ASLR, sandboxes, rootless, code signing, and bootchain,” Zerodium said on its iOS 9 Bug Bounty page.

Media We Link To:

“No More Excuses: Transformative IoT Staring in Your Face” – Industry Week 

“Researchers to use big data to improve classification of mood disorders” – News Medical: Life Sciences & Medicine

“Do individuals need cybersecurity insurance?” – The Wall Street Journal 

“$1 million bounty dangled for Apple iOS9 jailbreak exploits” – PC World
