Being Prepared for Cyberattacks – An Operational Technology Perspective

Critical infrastructure organizations have become prime targets for malicious ransomware attacks. As essential companies that keep North America running, these organizations can’t afford even minor downtime.

Recently, multiple significant attacks have targeted our gas supply (Colonial Pipeline), food supply (JBS Foods) financial institutions (CNA Financial) and public transportation (New York City Metro). Colonial Pipeline is a large corporation supplying roughly 2.5 million barrels a day – half of the East Coast’s supply of gasoline, diesel, heating oil and jet fuel. But smaller businesses are also seeing increased incidents – with the average cybersecurity breach costing over $25,000 to address and correct1. It’s now a matter of when, and not if your organization will be affected.

While governments tackle this growing threat with new policies to combat cyberattacks, businesses can take immediate steps to better defend themselves on the frontlines. Most importantly, it’s time to revisit how their Information Technology (IT) and Operational Technology (OT) systems are interconnected. Most OT systems were deployed over a decade ago, and they’re less likely to be kept updated than newer networked assets. This leaves them incapable of running the latest cybersecurity tools. More concerning is that the increasingly common practice of connecting these legacy systems to an organization’s IT systems (and therefore the Internet) exposes them to a world of threats they were never designed to address. Hackers now have potential access to a company’s entire operations.

With this in mind, updating your legacy control system and separating it from your IT system should be your first priority. Even better, you should consider replacing a legacy system with one that incorporates the latest cybersecurity features. Though it’s difficult for organizations to consider the expensive replacement of control systems that still function well, it’s critical to weigh those concerns against the possibility of cybersecurity breaches. A single shutdown could cause a smaller company to shut its operations down permanently.

With the main technology issues addressed, the next key step is employee training and better security protocols. In 2020, 85% of cybersecurity breaches took advantage of human error to access encrypted resources and sensitive company information. Most malware and ransomware attacks relied on employees unknowingly clicking insecure links, downloading malicious software/attachments, visiting illegitimate websites or connecting insecure devices (like USB memory sticks) to company equipment2.

The Internet of Things (IoT) is another attack vector. Outdated cybersecurity software and practices usually are not able to effectively monitor next generation Internet-connected devices. Hackers could use those devices as their entry point onto your internal network.

Lastly, something as simple as weak (and overused) passwords can be a culprit. If hackers obtain one password from inside your organization, it’s possible that the same credentials will grant them access to other equipment and platforms on your network.

The above threats reinforce the importance of employee education, two-factor authentication (for much stronger password protection) and general awareness of current online scams.

Cybertech Automation is ready to assist your organization with everything from network design to control system upgrades to employee education. We can help you build strong defences against cybersecurity breaches and guard both your safety and profitability long-term. Contact a Cybertech Automation cybersecurity specialist today to take the first step in protecting your business at sales@cybertechusa.com or 412.770.3135.

  1. The Average Cost of a Cyber Attack on a Small Business is More than $25,000 (smallbiztrends.com)
  2. Verizon’s 2021 Small & Medium Business Data Breach Investigations Report
Read more

I Scream, You Scream – We All Scream for the Faster Production of Ice Cream!

During the turmoil of 2020, North Americans sought refuge in comfort food associated with memories of better times. Responding to that need, U.S. dairy producers churned out just over 1 billion gallons of ice cream last year. The average American consumes approximately 23 pounds of ice cream and related frozen desserts per year. Fortune Business Insights estimates that the global ice cream market will reach $91.9 billion in 2027.1

Today, ice cream and other frozen dessert options are endless: French, reduced fat, lactose-free, sugar-free, gluten-free, organic, gelato, sherbet, snow cones, frozen yogurt, etc. With that wide variety of products come regional, national and international rules – and stringent parameters that govern the crafting of these delicious treats. Meeting these requirements can be daunting for producers small and large, and researching possible solutions can be just as intimidating.

Incorporating automation/analytics into your company’s production line can improve your operations in significant ways. It better standardizes product quality. It streamlines the traceability of raw materials and foods from the production floor to order fulfillment. Because machines are precise, they can create a consistent premium product that ensures customer satisfaction and loyalty. Cybertech Automation has implemented quality control systems that monitor product characteristics such as color, fill level, cap alignment, date code validation, weight and more. We can also ensure that your filler setup matches your desired output product. All of this results in tangible improvements to your overall process that reduce shipping errors and costly rework. Most importantly, automated food production lines are far more responsive to changing regulations and consumer demands – limiting down-time and loss of profits.

Automation in food production also improves workplace safety. Sensors, automated dump valves and locks can limit worker exposure to hazardous areas. Cybertech Automation has also added safety controls to packaging machines – ensuring that personnel can only access the equipment when it is in a safe state.

If/when you’re ready to dive deeper into manufacturing execution systems (MES) and enterprise resource planning (ERP), Cybertech Automation is ready to assist with that next step. We help customers design systems that integrate production dashboards with overall equipment effectiveness (OEE) systems – allowing you to evaluate your productivity against your own uptime targets and evaluate your success against industry standards. Good data means good business decisions – and even better ice cream.

What’s the best way to get started? Work with Cybertech Automation to design the perfect combination of automation and equipment that meets your unique requirements. Our experienced staff have decades of experience designing, developing and implementing specialized control systems for the food industry. For the dairy industry specifically, we have extensive experience with:

  • Raw product blending systems
  • Batch pasteurization
  • HTST pasteurization
  • Integrating clean-in-place (CIP) systems with overall automation structures
  • Material handling (feeding to and from filling and packaging machines, conveyor indexing, etc.)
  • Specifying equipment/systems that adhere to FDA 21 CFR Part 11 requirements

We’re always ready to learn about the specific needs of food and beverage customers and provide options to maximize production while staying within budget.

Interested in speaking with a Cybertech Automation control system specialist to discuss your facility upgrade? Please contact sales@cybertechusa.com today.

  1. https://www.idfa.org/ice-cream-sales-trends
Read more

Operational Technology Security Crisis

July 2, 2021

Industry 4.0 means access to timely and accurate data from your industrial systems. The Industrial Internet of Things (IIoT) improves operational performance, ensures safety and compliance – and increases flexibility at an affordable cost. The global IIoT market size is expected to grow from USD $65 billion in 2018 to USD $118 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 8.83% during the forecast period of 2025. The growth of the IIoT in production is driven by factors such as:

  • technological developments (low cost of computing power),
  • increased use of cloud computing systems,
  • use of Industrial Controls Systems (ICS),
  • transition from closed propriety networks to standardization on Ethernet,
  • and funding for IIoT research and development from the government.1

As access to the data and computing resources expands, the sharing of information and correspondence between ICS and IT are defined as Operational Technologies (OT). OT is used in a variety of industries including manufacturing, oil and gas, electrical generation and distribution, aviation, maritime, rail and utilities. This new industrial world of connectivity anywhere at anytime raises a variety of security issues. With ICS networks becoming inexpensive and user friendly, the vulnerabilities and challenges of managing this connectivity have increased. Cybersecurity must be an integral part of any OT network. Most companies believe that having IT security in place is a defensive blanket that swaddles the business – shielding them from the predators of the outside world. The truth is, without having OT security, there is a virtual back door that is unlocked and open to anyone.

How do you know if your company has OT security?

Ask yourself these basic questions:

  • What devices are on your network and who has permission to operate them?
  • What can these devices access?
  • Do these devices have uncontrolled gateways to the internet?

When these questions go unanswered or the response is “I don’t know”, there is a substantial possibility that your business is exposed to threats from cyberattacks.

How can Cybertech Automation support your efforts against these threats?

To cope with the challenges in OT Cybersecurity, Cybertech Automation will take vital steps to ensure the safety of your assets and greatly reduce the risk of an attack. The first step will be to gain visibility by tracking and maintaining accurate inventory of OT assets with a comprehensive audit of your OT and ICS systems. Next, we analyze the data from a thorough audit called an assessment, which applies years of experience, industry best practices and standards to develop an action list of what issues were found, what issues are critical and how they can be fixed. Just like you have a SCADA system to help optimize and control your industrial process, you need an OT security solution to help improve visibility, suppress industrial cybersecurity events and ensure the protective controls you have implemented are operating correctly.

What are the top OT security threats that your company needs to be aware of?

OT security attacks can happen due to an internal mistake. Often, the same external hardware and removeable media are used in the office, in a public place and in the home. Malware and ransomware conceal their identity until connected to a company network, then deploy their objective to damage, disrupt and block access. Additionally, employees surfing the web on an OT computer provide a passageway for malware and ransomware to sneak in. For example, employees can (unwittingly) install malware through emails, games or by inserting USB devices into their laptops. They are often unaware of the risks associated with such actions. Systems can also be compromised by unauthorized or incorrectly configured software and hardware. Finally, legacy equipment, safety regulations that may prohibit any modifications being made to equipment, and compliance regulations that require sensitive data to be made available to third parties can all create an unsecure entrance into the system.

If you are interested in learning more about OT security for your company, please contact Cybertech Automation to discuss options for a safer future.

  1. https://www.olisystems.com/post/what-does-industrial-internet-of-things-iiot-mean-for-process-industry
Read more

Cybertech Automation Supports Critical Water and Wastewater Treatment Plant Upgrades

May 21, 2021

Cybertech Automation assists water and wastewater treatment plant operators with upgrading outdated Programmable Logic Controllers (PLCs) and transforming obsolete operating systems into functioning, efficient control systems. We’re committed to supporting and maintaining critical water treatment infrastructure – with a solid understanding of the industry’s history and evolution.

Though the first sewer systems in the United States were built in the late 1850s (in Chicago and Brooklyn), the first sewage treatment plant using chemical precipitation was built in Worcester, MA in 1890.

Today, the average American family uses more than 300 gallons of water per day just at home. Roughly 70% of the water usage is indoors – which explains why there are more than 16,000 wastewater treatment plants currently in operation removing contaminants and processing sewage.1

Evolving with technology, water treatment plants have made major operations improvements: from pneumatic devices to automated control systems. Automation has also transformed significantly over the last 30 years – causing legacy control systems to be placed in end of life or retired status.

When it’s time to update your water treatment plant’s PLCs and operating systems, Cybertech Automation is ready to support all of your upgrade needs. We also perform live swing-overs (to ensure minimal downtime), utilize existing control cabinets as marshalling panels and provide wiring drawings for future updates. If your water treatment or wastewater treatment plant has a legacy PLC, RTU or DCS system that is no longer supported, please contact Cybertech Automation to discuss options for migration upgrades.

  1. Burian, Steven J.; Nix, Stephan J.; Pitt, Robert E.; Durrans, S. Rocky (2000). “Urban Wastewater Management in the United States: Past, Present, and Future” (PDF). Journal of Urban Technology. 7 (3): 33. CiteSeerX doi:10.1080/713684134. S2CID 23561154. Archived (PDF) from the original on 11 August 2017.
Read more

Cybertech Automation USA COVID-19 Update

June 24, 2020

Cybertech has implemented business continuity and pandemic response plans and we are fully prepared to continue supporting our clients.

We do not anticipate any service disruptions for our customers as we are well-prepared to remotely execute projects and support our clients’ critical infrastructure. Cybertech has been deemed a critical resource for our clients in essential industries such as oil and gas and food production.

Cybertech is complying with and supporting all the guidelines from our local, state and federal governments. You have Cybertech’s commitment that we are taking every step to safeguard the well-being of our employees and clients.

We are especially grateful to all medical and emergency services workers, along with workers in critical industries who are keeping all Americans provided with the goods and services needed during this extraordinary period.

Thank you for your support and stay safe.

Please contact Aaron Jones, Director (aaronj@cybertechusa.com) if you have any questions or concerns.

For our Canadian clients, please refer to our Cybertech Automation update here.

Read more