TechHub: Ransomware Wreaking Global Havoc, Real-Time Asset Condition & Water Innovations

The Industrial Ransomware Wreaking Global Havoc

The recent global crisis of ransomware attacks on infrastructures and private businesses have left cyber experts and government authorities scrambling to double their efforts.

Computer systems were infected worldwide in June 2017 with a massive cyber attack similar to a recent assault that affected tens of thousands of machines internationally, causing critical infrastructures to take a major hit.

After recovering from a string of attacks that left thousands without power six months ago in December 2016, the citizens of Ukraine were faced with an even worse offense.

A.T.M.s stopped working, workers were forced to manually monitor radiation at the old, toxic Chernobyl nuclear plant due to computer failures and industrial employees worldwide were scrambling to respond to massive hacks.

“At the Chernobyl plant, the computers affected by the attack collected data on radiation levels and were not connected to industrial systems at the site, where, although all reactors have been decommissioned, huge volumes of radioactive waste remain. Operators said radiation monitoring was being done manually,” according to the New York Times.

The entirely new ransomware infected the systems of Ukraine’s power companies, metro services, airports and government ministries such as Kiev’s central post office.

The outbreak was the latest and most sophisticated in a series of attacks, using dozens of hacking tools, according to the NY Times.

The malware also had an impact internationally, causing system shutdowns of:

  • Danish shipping and transport company Moller-Maersk, resulting in an inability to process orders and its 76 terminals around the world became very congested.
  • Russian steel and oil firms Evraz and Rosneft.
  • French construction materials company Saint-Gobain.
  • Pharmaceuticals company Merck.
  • An Australian factory for chocolate giant Cadbury, resulting in halted production.

Special Agent Keith Mularski, Unit Chief of the FBI Cyber Initiative & Resource Fusion Unit.

To continue the discussion on cyber espionage and industrial cyber security, join us at Transform 2017, our annual conference in Put-in-Bay, Ohio.

Special Agent Keith Mularski, Unit Chief of the FBI Cyber Initiative & Resource Fusion Unit heads the Cyber Initiative for the FBI and was part of an effort to declassify cyber threats and pass them on to industry.

Keith will walk through case studies of cyber incidents at US Steel, Alcoa and Westinghouse, revealing how the government communicated and worked together with industry to fight cyber crime.

Learn More About Transform 2017

Don’t Get Stuck in a Rut: Learn the True, Real-Time Condition of an Asset

Cars have data and analytics for when parts should be replaced, so why can’t your utility?

It can.

Like owning a car, the idea is similar for asset management. In a water treatment plant, pumps often come with a “best-by” sticker; a generic six-month date is stamped onto it, creating a time-based system for maintenance, regardless of usage.


The date becomes the driving factor for servicing rather than following data.

But there is a better way to capture condition of assets consistently, accurately and efficiently.

The solution lies in combining two systems already in place and leveraging the findings to save time and money, drastically increasing uptime.

Download the white paper to learn how to leverage digital data to effectively and accurately forecast maintenance of assets.

Download the White Paper

Water Innovation Pact Signed to Promote Smart Water Networks

The Water Environment Federation (WEF) and Smart Water Networks Forum (SWAN) recently formed a pact to jointly promote the development of best industry practices for sustainable smart water networks.

Smart water networks detect system leaks and manage energy through incorporating technology, according to Water Technology, an online water news publication.

“Supporting innovation is essential to the water sector, and to further development of intelligent water systems,” WEF executive director Eileen O’Neill said.

In the wake of technological advancements in the water sector, the combination of the groups’ focus on smart wastewater network management and integrated intelligent water practices will provide new skill sets and knowledge, allowing for workforce advancement.


Co-innovated smart drinking fountain by GrayMatter & DC Water.

The partnership seeks to determine common barriers of implementing intelligent water practices, technology trends and new solutions.

GrayMatter and DC Water have recently had success through a partnership of their own by co-innovating a smart sensor drinking fountain.

A drinking fountain that monitors water quality and flow in real time – giving users more confidence in the water they are drinking and saving money spent on maintenance and testing. The groundbreaking project addresses lead levels – one of the most pressing issues in water.

“This project redefines public water consumption, putting people and clean water first,” Jim Gillespie, GrayMatter CEO.

The new tech fountains have sensors that use real-time data and analytics to monitor both water quality and flow levels, sending that information to the cloud and back, alerting when water quality measurements begin to deteriorate.

The co-innovation project is just the beginning of many ways private sector innovation and independent operations are joining forces to make water operations more efficient, at a lower cost. The fountains are set to be used in public places this fall, including schools.

Learn more about the GrayMatter and DC Water water innovation project at Transform 2017:

  Learn More About Transform 2017


CyBlog: This Week in Cyber Security

This week in the world of cyber, the top predictions of what will be trending in 2017 are flooding the web. Talks of industry and utility hacks, scares of increasingly complex malware attacks and pleads of a more stringent cybersecurity system are more prevalent than ever.

Surprise! Your Operational Technology is connected to the Internet

Discussions of the Ukraine power grid hack have been continuing in the news since before the holidays, with constant updates on the follow-up attack and how they’re connected, as well as what this could mean for the industrial and utility world as thousands were left without power.

Kiev (pictured here) is the capital of Ukraine, a victim in one of multiple malware attacks on their power grid.

Kiev (pictured here) is the capital of Ukraine, a victim in one of multiple malware attacks on their power grid.

Security Week, an internet and enterprise security news and analysis publication, predicts that cyber extortion will further target utility plants due to industrial network air-gaps. This makes it easy for cyber attackers to infiltrate SCADA and ICS systems, and possibly PLCs.

The publication also says that due to the increase in interest of interconnectivity and lack of protection within systems, ICS networks are becoming more complex and more exposed to external threats.

Read more on assessing your SCADA system and the upgrading process in our free white paper. 

Cybersecurity and Malware in the World of OT

With the growing and continuing risk of ransomware infiltrating company systems, cybersecurity is even more of a hot-topic for companies than it was in 2016.


A possible pop-up screen after malware has distributed into a system.

eWeek, a news publications specializing in the IT industry analysis and technology news,
reported that co-founder and CEO of Keeper Security Darren Guccione predicts small and medium-sized businesses will be more at risk for cyberattacks and data breaches in 2017.

Ransomware isn’t going away. In fact, it’s going to get more effective as hackers become better at embedding the viruses into emails through phishing, a fraudulent practice of sending emails within a company in an effort to steal personal and company information.

As a result, he recommends increasing investment in security defenses to be protected against these increasing threats.

Another prediction from eWEEK is hacks will be getting increasingly more complex. Rather than just single threat vectors, hybrid attacks will be more common. What does this mean? Hackers will be able to infiltrate your system, and then hide their tracks. By using a combination of phishing to deliver malware and then launching a Denial-of-service (DDoS) attack, the system is disrupted and suspends all services connected to the internet. This compromises various systems and is often infected using a Trojan virus — a type of vicious malware disguised within a user system as software.


Cybercriminals hacked into and compromised a utility in Lansing, Michigan, at the end of 2016.

Watch our on-demand webinar on securing your operational technology.

The Dangers of Outdated Operational Technology

Speaking of DDoS attacks, Lloyds Banking Group, Britain’s largest mortgage lender, was hit with a viral attack on Jan. 11.

According to Reuters, the bank was “bombarded” with copious amounts of traffic from various systems to overloaded the server. This resulted in temporarily freezing customers out of access to their online accounts.

This comes just months after Britain’s first large cyber bank heist in November when Tesco Banking was hacked. Hackers took funds from 20,000 accounts, and the bank halted all online transactions, and amounted to 2.5 million pounds, or $3 million, in losses.

Shortly after, the European Union (EU) decided it was necessary to boost security and is considering an EU-wide stress test within the industry.

Unfortunately, EU banks “rely on a digital infrastructure that is rigid and outdated,” according to Reuters, and is considering new technologies in an effort to boost security.

Is your SCADA system outdated? Using outdated technology can be extremely harmful towards your internal infrastructure and leaves you at a greater risk for cybercrime.

Ransomware: Expanding into the Industrial Internet

The Dark Side of the Industrial Internet

Ransomware attacks are no longer just a threat for IT companies, but are rapidly creeping in and causing damage to the world of industrial infrastructure.

With a 300-percent increase from 2015 to 2016, ransomware attacks are amounting to over 4,000 daily, making it the fastest growing malware threat according to the FBI.

Ransomware blocks access to data within a computer system or network until a sum of money is paid, often in the online currency bitcoin.

Our partners at CyberX, a cybersecurity company focusing on OT networks and industrial infrastructures, reported that KillDisk malware has evolved into ransomware, transitioning from destroying data to encrypting it and then demanding a bitcoin ransom for the data to be returned to the user.

IT Locked Up, OT Wide Open

Disk-wiping malware previously used in cyber attacks responsible for disruptions within the Ukrainian power grid has found its way into the industrial domain.

In this incident, a control center worker for the power grid noted that his cursor started controlling circuit breakers on his screen, when he wasn’t touching it.

After changing the operator’s passwords and locking him out of the system, the hackers took an entire substation offline, which escalated to shutting down many more as he helplessly watched.

Much like what resulted in the Ukraine, this malware is being distributed through office email attachments, resulting in hard-drives and network-mapped folders becoming encrypted and information stolen as a result.

Industrial networks are commonly targeted due to the economic incentive, as well as the problematic situation it creates for companies. Not only does it put the data at risk, but can cause damage to production.RedDoorMailer

This is a prime example of companies locking their information technology (IT), but leaving their operational technology (OT) systems too exposed.

Download the free Cyber Security for OT guide from Gray Matter Systems and read more about securing the OT side.

Preventing Cyber Attacks

So what’s the most effective method of protection?

Prevention. Protecting SCADA networks is key to fighting cyber attacks.

By performing risk assessments on OT networks for vulnerable HMIs, Industrial Firewalls, PLCs and IIoT devices, vulnerabilities in the network are easily identified and fixed.

Had the power grid workers been required to log into the SCADA and data acquisition networks by using two-factor identification, this may have been prevented.

By creating the correct policies in place within OT systems, organizations can better ensure systems to be worked on safely and securely.

Take the Cyber Challenge

How much do you know, or not know, about your own OT systems?

Take our Industrial Internet Cyber Security quiz and gain valuable insight into your own operations and strategies.

Take the Challenge

Q&A with Lucas Kane: A Modern Approach to Securing Critical Control Networks

You have a smart phone. Obviously. But is your case artful and reflective of your personality? You’re on LinkedIn and social media. Of course. But have you stretched into Snapchat and tried Periscoping live?

You’ve read the articles on growing cyber security threats. No question. But have you truly researched the most effective ways to protect your business?cyber pic 3

We have and found one that’s pretty hip.

Gray Matter Systems is announcing a brand new solution to help industrial operations teams and IT departments effectively cloak and protect critical infrastructure, assets, and information to minimize exposure to cyber-security threats. It’s called the HIPApp.

HIP stands for Host, Identity and Protocol.

Today we’re getting the real story on what the HIPApp is and how it works from our partners at Tempered Networks. They gave us the inside information during an interview with their Director of Product Management, Lucas Kane.

Q: First question, Lucas – What does HIPApp stand for and what’s the naming significance?

LK: The HIPApp is a native application for Windows 7 & 10 machines. Installing a HIPApp embeds a cryptographic identity on the Windows machine and the identity can then be verified (and managed) by a Conductor.

A Conductor admin can then add the HIPApp (and therefore the Windows machine) into overlay networks and whitelist the HIPApp/Windows machine, enabling a laptop, for example, to securely communicate with protected devices that reside in Overlay networks.

Q: In simplest terms, what does the HIPApp do?

LK: The HIPApp embeds a virtual HIPswitch onto a Windows 7 or 10 machine. Once installed, the HIPApp will appear in the Conductor UI and can be managed in the same way that a HIPswitch protected device is managed.

Q: What’s the biggest mistake companies make right now when it comes to cyber security?

(LK) – Relying on perimeter security as the instrument for securing critical assets and segmenting networks.

Q: How do you recommend companies solve this issue?

LK: We recommend that companies use a defense in depth approach that micro-segments their networks, facilitates end-to-end encryption, cloaks the devices on their WAN/LAN infrastructure networks and is easy to manage at scale.

Q: How is HIPApp different from other cyber security solutions?

LK: The HIPApp extends the footprint of the Tempered Networks solution. Windows 7 & 10 machines can now participate in Overlay networks. The difference between traditional security solutions and the Tempered solution is the ease of management at scale.

While the Tempered solution facilitates segmentation, end-to-end encryption, automated PKI, device base whitelisting and device cloaking, it does not require traditional security solution expertise and is easy to manage even at enterprise scale.

Q: Secure networking is so complex, how does HIPApp make it easier?

LK: The Tempered solution simplifies security as our intuitive Conductor user interface facilitates single-pane-of-glass management of all HIPservices and protected devices.


  • The simplicity of the Tempered solution reduces the risk of misconfiguration
  • The Tempered solution facilitates orchestration of a large number of devices and HIPservices
  • The Tempered solution leverages device-based whitelisting so devices cannot communicate until they are specifically allowed to communicate. This is a reverse approach to traditional security solutions.

Q: Is there a savings and how?

LK: The Total Cost of Ownership (TCO) of the Tempered solution is significantly less than traditional security solutions.

The upfront cost of our physical, virtual and cloud HIPswitches and Conductors is on par with traditional solutions, however, the time to deploy and manage the Tempered solution is significantly reduced when compared side-by-side with traditional security solutions.

Q:What’s your favorite feature of the new solution?

LK: The HIPApp, the API and the Visual Trust Maps

Thanks to Lucas Kane from Tempered Networks for bringing us up to speed on the latest solutions in cyber security.

If this conversation with Lucas made sense to you, why not hear from Tempered Networks live at our annual user group conference in Put-in-Bay, OH?

Join their session, “A Modern Approach to Securing Critical Control Networks and Endpoints” to learn more about connecting and protecting new and legacy devices, while increasing visibility into your vital systems.


Contact GrayMatter

Get in touch with us!