TechHub: Ransomware Wreaking Global Havoc, Real-Time Asset Condition & Water Innovations

The Industrial Ransomware Wreaking Global Havoc

The recent global crisis of ransomware attacks on infrastructures and private businesses have left cyber experts and government authorities scrambling to double their efforts.

Computer systems were infected worldwide in June 2017 with a massive cyber attack similar to a recent assault that affected tens of thousands of machines internationally, causing critical infrastructures to take a major hit.

After recovering from a string of attacks that left thousands without power six months ago in December 2016, the citizens of Ukraine were faced with an even worse offense.

A.T.M.s stopped working, workers were forced to manually monitor radiation at the old, toxic Chernobyl nuclear plant due to computer failures and industrial employees worldwide were scrambling to respond to massive hacks.

“At the Chernobyl plant, the computers affected by the attack collected data on radiation levels and were not connected to industrial systems at the site, where, although all reactors have been decommissioned, huge volumes of radioactive waste remain. Operators said radiation monitoring was being done manually,” according to the New York Times.

The entirely new ransomware infected the systems of Ukraine’s power companies, metro services, airports and government ministries such as Kiev’s central post office.

The outbreak was the latest and most sophisticated in a series of attacks, using dozens of hacking tools, according to the NY Times.

The malware also had an impact internationally, causing system shutdowns of:

  • Danish shipping and transport company Moller-Maersk, resulting in an inability to process orders and its 76 terminals around the world became very congested.
  • Russian steel and oil firms Evraz and Rosneft.
  • French construction materials company Saint-Gobain.
  • Pharmaceuticals company Merck.
  • An Australian factory for chocolate giant Cadbury, resulting in halted production.
ransomware

Special Agent Keith Mularski, Unit Chief of the FBI Cyber Initiative & Resource Fusion Unit.

To continue the discussion on cyber espionage and industrial cyber security, join us at Transform 2017, our annual conference in Put-in-Bay, Ohio.

Special Agent Keith Mularski, Unit Chief of the FBI Cyber Initiative & Resource Fusion Unit heads the Cyber Initiative for the FBI and was part of an effort to declassify cyber threats and pass them on to industry.

Keith will walk through case studies of cyber incidents at US Steel, Alcoa and Westinghouse, revealing how the government communicated and worked together with industry to fight cyber crime.

Learn More About Transform 2017

Don’t Get Stuck in a Rut: Learn the True, Real-Time Condition of an Asset

Cars have data and analytics for when parts should be replaced, so why can’t your utility?

It can.

Like owning a car, the idea is similar for asset management. In a water treatment plant, pumps often come with a “best-by” sticker; a generic six-month date is stamped onto it, creating a time-based system for maintenance, regardless of usage.

ransomware

The date becomes the driving factor for servicing rather than following data.

But there is a better way to capture condition of assets consistently, accurately and efficiently.

The solution lies in combining two systems already in place and leveraging the findings to save time and money, drastically increasing uptime.

Download the white paper to learn how to leverage digital data to effectively and accurately forecast maintenance of assets.

Download the White Paper

Water Innovation Pact Signed to Promote Smart Water Networks

The Water Environment Federation (WEF) and Smart Water Networks Forum (SWAN) recently formed a pact to jointly promote the development of best industry practices for sustainable smart water networks.

Smart water networks detect system leaks and manage energy through incorporating technology, according to Water Technology, an online water news publication.

“Supporting innovation is essential to the water sector, and to further development of intelligent water systems,” WEF executive director Eileen O’Neill said.

In the wake of technological advancements in the water sector, the combination of the groups’ focus on smart wastewater network management and integrated intelligent water practices will provide new skill sets and knowledge, allowing for workforce advancement.

ransomware

Co-innovated smart drinking fountain by GrayMatter & DC Water.

The partnership seeks to determine common barriers of implementing intelligent water practices, technology trends and new solutions.

GrayMatter and DC Water have recently had success through a partnership of their own by co-innovating a smart sensor drinking fountain.

A drinking fountain that monitors water quality and flow in real time – giving users more confidence in the water they are drinking and saving money spent on maintenance and testing. The groundbreaking project addresses lead levels – one of the most pressing issues in water.

“This project redefines public water consumption, putting people and clean water first,” Jim Gillespie, GrayMatter CEO.

The new tech fountains have sensors that use real-time data and analytics to monitor both water quality and flow levels, sending that information to the cloud and back, alerting when water quality measurements begin to deteriorate.

The co-innovation project is just the beginning of many ways private sector innovation and independent operations are joining forces to make water operations more efficient, at a lower cost. The fountains are set to be used in public places this fall, including schools.

Learn more about the GrayMatter and DC Water water innovation project at Transform 2017:

  Learn More About Transform 2017

 

TechHub: Smart Drinking Fountains, Malware Threatening U.S. Power Grid, Manufacturing Profiting from IoT & More

Innovative fountains debut at nationwide water technology summit

A live demo of a new innovative smart sensor water fountain made its debut at ACE 2017, the American Water Works Association’s annual conference and exposition, in Philadelphia, PA.

GrayMatter and DC Water have created a drinking fountain that monitors water quality and flow in real time – giving users more confidence in the water they are drinking and saving money spent on maintenance and testing. The groundbreaking co-innovation project addresses lead levels – one of the most pressing issues in water.

“This project redefines public water consumption, putting people and clean water first,” Jim Gillespie, GrayMatter CEO.

The new smart sensor drinking fountain by GrayMatter & DC Water.

The new tech fountains have sensors that use real-time data and analytics to monitor both water quality and flow levels, sending that information to the cloud and back, alerting when water quality measurements begin to deteriorate.

Built with a special emphasis on lead in mind, the fountain will be used initially in schools, hospitals, day-cares and other similar institutions, according to George Hawkins, DC Water CEO and General Manager.

The co-innovation project is just the beginning of many ways private sector innovation and independent operations are joining forces to make water operations more efficient, at a lower cost. The fountains are set to be used in public places this fall, including schools.

Learn more about GrayMatter and DC Water innovations at GrayMatter’s annual conference, Transform 2017 held August 1-3 in Put-in-Bay, Ohio.

Learn More

Cyber experts identify malware that could disrupt U.S. power grid

The world was awaken to the dangerous potential of utility hacks in December when one-fifth of Kiev, the capital of Ukraine, was without power due to a malicious malware that infiltrated their power grid.

Now dubbed CrashOverride, the same malware that left 225,000 without power in Ukraine, is said to have the ability to be modified and corrupt U.S. power grids as well, according to the Chicago Tribune.

“U.S. utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems,” said Michael Assante, who worked at Idaho National Labs and is former chief security officer of the North American Electric Reliability Corporation, where he oversaw the rollout of industry cybersecurity standards.

cyber

The most concerning — and dangerous — components of CrashOverride are the ability to manipulate the settings on electric power control systems, as well as a “wiper” component that erases the software on the computer system that controls the circuit breakers.

This lets the malware scan for critical components that operate and open circuit breakers, creating a sustained power outage, and then lock the operator out of their system.

Although it has yet to demonstrate the level of complexity needed, according to the Tribune, the malware can theoretically be modified to target other industrial control utilities such as water and gas.

To get a better understanding of your operational technology control network, download our cyber guide, which walks you through the first steps in knowing what’s on your network and has specific advice about the assessment process from our top cyber security consultants.

Download the Guide

GE Digital urges partners to seek opportunities in the Industrial Internet of Things

GE has been one of the largest brands in selling appliances, aviation systems, energy controls, and industrial solutions for years, it’s no secret.

But in 2015, the company announced a new business – GE Digital – marking an effort to bring together its software and IT capabilities, according to CRN.

“Our goal is to co-innovate with the ecosystem,” said Kevin Ichhpurani, executive vice president of global ecosystem and channels and corporate officer at GE Digital.

As GE continues to reinvent itself, according to CRN, strong partnerships are a key element in order to innovate the industrial IoT.

“I think there’s a ton of opportunities around digital transformation overall,” said Jim Gillespie, CEO of GrayMatter. “But inside of that GE has many more opportunities around Brilliant Manufacturing, asset performance managements, field service transformation and cyber security. There’s just a lot of great areas for partners.”

Read more…

Study finds manufacturers are profiting from the IoT

MPI just released its 2017 study results on the Internet of Things with terrific news for the manufacturing industry, according to Industry Week.

The push to jump on the train to digitization or get left behind has been dramatic in recent years, and there’s been a sharp increase in awareness and investment in IoT technology as a result.

Now the numbers are in to prove how switching to IoT enabled products and applications are positively affecting the manufacturing industry for the better:

  • 72% report increased productivity
  • 69% report increased profitability
  • 65% report increased profitability from sales of IoT-enabled products (e.g., embedded intelligence)

GrayMatter co-founders Jim Gillespie & Carson Drake at the 2017 NHL Stanley Cup Playoffs with top industry thought leaders.

Transforming operations is about connecting your equipment in the right way to eventually create a digital twin to mirror your physical operation and improve productivity. 

The biggest problem as to why manufacturers still aren’t jumping onboard is not knowing where to start.

Download our eBook to see how we’ve helped some of the biggest companies in the world overcome these obstacles and learn how to work smarter as a result:

Download the eBook

CyBlog: This Week in Cyber Security

This week in the world of cyber, the top predictions of what will be trending in 2017 are flooding the web. Talks of industry and utility hacks, scares of increasingly complex malware attacks and pleads of a more stringent cybersecurity system are more prevalent than ever.

Surprise! Your Operational Technology is connected to the Internet

Discussions of the Ukraine power grid hack have been continuing in the news since before the holidays, with constant updates on the follow-up attack and how they’re connected, as well as what this could mean for the industrial and utility world as thousands were left without power.

Kiev (pictured here) is the capital of Ukraine, a victim in one of multiple malware attacks on their power grid.

Kiev (pictured here) is the capital of Ukraine, a victim in one of multiple malware attacks on their power grid.

Security Week, an internet and enterprise security news and analysis publication, predicts that cyber extortion will further target utility plants due to industrial network air-gaps. This makes it easy for cyber attackers to infiltrate SCADA and ICS systems, and possibly PLCs.

The publication also says that due to the increase in interest of interconnectivity and lack of protection within systems, ICS networks are becoming more complex and more exposed to external threats.

Read more on assessing your SCADA system and the upgrading process in our free white paper. 

Cybersecurity and Malware in the World of OT

With the growing and continuing risk of ransomware infiltrating company systems, cybersecurity is even more of a hot-topic for companies than it was in 2016.

ransomware

A possible pop-up screen after malware has distributed into a system.

eWeek, a news publications specializing in the IT industry analysis and technology news,
reported that co-founder and CEO of Keeper Security Darren Guccione predicts small and medium-sized businesses will be more at risk for cyberattacks and data breaches in 2017.

Ransomware isn’t going away. In fact, it’s going to get more effective as hackers become better at embedding the viruses into emails through phishing, a fraudulent practice of sending emails within a company in an effort to steal personal and company information.

As a result, he recommends increasing investment in security defenses to be protected against these increasing threats.

Another prediction from eWEEK is hacks will be getting increasingly more complex. Rather than just single threat vectors, hybrid attacks will be more common. What does this mean? Hackers will be able to infiltrate your system, and then hide their tracks. By using a combination of phishing to deliver malware and then launching a Denial-of-service (DDoS) attack, the system is disrupted and suspends all services connected to the internet. This compromises various systems and is often infected using a Trojan virus — a type of vicious malware disguised within a user system as software.

Lansing

Cybercriminals hacked into and compromised a utility in Lansing, Michigan, at the end of 2016.

Watch our on-demand webinar on securing your operational technology.

The Dangers of Outdated Operational Technology

Speaking of DDoS attacks, Lloyds Banking Group, Britain’s largest mortgage lender, was hit with a viral attack on Jan. 11.

According to Reuters, the bank was “bombarded” with copious amounts of traffic from various systems to overloaded the server. This resulted in temporarily freezing customers out of access to their online accounts.

This comes just months after Britain’s first large cyber bank heist in November when Tesco Banking was hacked. Hackers took funds from 20,000 accounts, and the bank halted all online transactions, and amounted to 2.5 million pounds, or $3 million, in losses.

Shortly after, the European Union (EU) decided it was necessary to boost security and is considering an EU-wide stress test within the industry.

Unfortunately, EU banks “rely on a digital infrastructure that is rigid and outdated,” according to Reuters, and is considering new technologies in an effort to boost security.

Is your SCADA system outdated? Using outdated technology can be extremely harmful towards your internal infrastructure and leaves you at a greater risk for cybercrime.

Contact GrayMatter

Get in touch with us!