Cyber Supply Chain Management

Greetings and welcome back!  This week we continue our series in Cyber Supply Chain Management.  As a quick recap, we discussed last week that the three major communications protocols for electrical, mechanical, security and fire/life safety systems are all vulnerable to cyber attack.  Those protocols, together with links to research showing the dangers of their vulnerabilities, are:

Because your critical building systems use these protocols to communicate and because the networks on which they sit eventually touch the Internet, all your electrical, mechanical, security and fire/life safety systems are considered part of the Industrial Internet of Things (IIoT).  As the following graphic shows, organizations are coming to grips with the fact that IIoT systems create cybersecurity danger within their facilities.

[Graphic: Cyber Supply Chain Management – survey results on IIoT cyber risk]

As building systems become increasingly connected, 90% of all organizations surveyed expect the total number of IIoT devices at their sites to rise.  The survey also showed that both large and small organizations see the increasing number of IIoT devices as creating a SIGNIFICANT INCREASE in their cyber risk profile.  So what are some of the most common pieces of IIoT infrastructure to be found at facilities?  The following is a list of some of the major IIoT systems:

  • Uninterruptible Power Supplies (UPS)
  • Power Distribution Units (PDU)
  • Smart Thermostats
  • Smart HVAC Controls
  • Lighting Control Systems
  • Security Systems
  • Fire Protection Systems

With the understanding that all of these systems could be attacked and hijacked to harm your company and its personnel, we turn to the crux of the issue: taking control of cybersecurity through Cyber Supply Chain Management.  Vendors that supply these systems to your organization have long touted the advantages of “smart” systems with built-in networking and alarming capabilities.  Unfortunately, these same vendors often remain silent, pass the buck or simply deny the vulnerabilities within their systems.

The goal of this blog series is to show each organization that it is in control of its own cybersecurity by managing its supply chain vendors.  Every vendor that supplies products to your organization should be able to demonstrate its ability to secure the communications of those products.  Most often, they must offer 3rd-party security solutions as part of their package.  If organizations are to get control over cyber threats, they must require their vendors to comply with a list of cybersecurity requirements, just as they do for electrical and mechanical specifications.

At AlphaGuardian, we are happy to work with both purchasers of IIoT systems as well as the vendors.  We believe that only a coordinated effort among purchasers and vendors will ultimately bring about proper solutions to the huge problem of securing your site infrastructure.  Please think about these things and, if you would like to speak about this in confidence, please feel free to give us a call.  We are here for you.

Until Next Time,

Be Well!

IIoT Cybersecurity through Supply Chain Management

Greetings and welcome back.  This week we begin a new series on IIoT Cybersecurity through Supply Chain Management.  Cybersecurity is no longer an option for any company, especially if your organization is covered under one or more of the specific pieces of security legislation.  Until now, most organizations have accepted that they must simply “accept equipment as it exists” and do the best they can to mitigate cybersecurity flaws in the equipment they purchase.

It is clear that virtually every kind of device that is a part of the Industrial Internet of Things (IIoT) incorporates communications that are vulnerable to a cyber attack.  The key protocols used and specific vulnerabilities can be found below with links to peer-reviewed vulnerability research papers:

Virtually all power, HVAC, security and fire/life safety systems use one of these protocols for continuous monitoring and management.  Once they are placed on your network, there will at some point be a cross-connect between the network on which these systems are located and the Internet.  If you or anyone in your organization can remotely connect to any of these systems over the Internet, then they are part of the Industrial Internet of Things.

It can be stated clearly that all IIoT systems which use Modbus, BACnet or SNMP are vulnerable to a cyber attack.  With the understanding that your systems can be hacked and used as a weapon against you, it is then critical to formulate a plan to mitigate your risks.  Fortunately, the National Institute of Standards and Technology (NIST) has created an excellent Guide for Cyber Supply Chain Risk Management for all purchasers of IIoT systems.  We will be looking at this short but excellent document and expanding on key tasks that every purchaser of IIoT systems can carry out to protect their organization.

In today’s blog, we will focus on the first and most important point from this document:

“Develop Your Defenses Based on the Principle that Your Systems WILL Be Breached.”

As the NIST document points out, this very principle changes the game because it means you must take proactive steps within your supply chain.  The first and most important step is to request that each vendor provide the following information:

  • What communications does this unit provide?
  • What protocols are used in this unit's communications?
  • What security are you providing to mitigate the security weaknesses of Modbus, BACnet and SNMP?
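To make the three questions above enforceable at purchasing time, here is an added example of a small Python checker that scores a vendor's written answers against the breach-assumption rule: a product that declares Modbus, BACnet or SNMP must also declare a named compensating control, and an unanswered question counts as a failing answer, not a neutral one.  This is example code written for this post, not AlphaGuardian code and not part of the NIST guide; the device names, protocol spellings and the list of accepted controls are assumptions chosen for illustration.

```python
"""Score a vendor's answers to the three supply-chain questions.

Added example for this post; not AlphaGuardian code and not part of the NIST
guide. The device names, protocol spellings and accepted-control list below
are assumptions chosen for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Protocols the post identifies as shipping without authentication or encryption
# (spellings are assumed; match loosely on whatever the vendor writes).
UNPROTECTED_PROTOCOLS = {"modbus", "modbus/tcp", "modbus rtu", "bacnet", "bacnet/ip",
                         "snmp", "snmpv1", "snmpv2c"}

# Compensating controls accepted as an answer to question 3 (assumed list).
ACCEPTED_CONTROLS = {"data diode", "firewall", "isolated vlan", "vpn", "tls gateway"}


@dataclass
class VendorAnswers:
    device: str
    communications: list[str] = field(default_factory=list)  # Q1: interfaces offered
    protocols: list[str] = field(default_factory=list)       # Q2: protocols spoken
    mitigations: list[str] = field(default_factory=list)     # Q3: security provided


def _norm(items: list[str]) -> set[str]:
    """Lower-case and trim free-text answers so spelling variants compare equal."""
    return {i.strip().lower() for i in items if i.strip()}


def assess(answers: VendorAnswers) -> list[str]:
    """Return a list of findings; an empty list means the offer passes."""
    findings: list[str] = []
    comms = _norm(answers.communications)
    protos = _norm(answers.protocols)
    controls = _norm(answers.mitigations)

    # Assume breach: a question left blank is a failing answer.
    if not comms:
        findings.append("Q1 unanswered: vendor did not list the unit's communication interfaces")
    if not protos:
        findings.append("Q2 unanswered: vendor did not list the protocols the unit uses")

    # Every unprotected protocol must be covered by a recognised compensating control.
    exposed = sorted(p for p in protos if p in UNPROTECTED_PROTOCOLS)
    recognised = controls & ACCEPTED_CONTROLS
    unrecognised = controls - ACCEPTED_CONTROLS
    for proto in exposed:
        if not recognised:
            findings.append(f"Q3: {proto} is offered with no recognised compensating control; "
                            f"require one of {sorted(ACCEPTED_CONTROLS)}")
    if unrecognised:
        findings.append("Q3: unrecognised mitigation claims need evidence before they count: "
                        f"{sorted(unrecognised)}")
    return findings


def accepts(answers: VendorAnswers) -> bool:
    """True when the offer raises no findings."""
    return not assess(answers)


# Constructed sample answers (not real vendor responses).
SAMPLE_OFFERS = [
    VendorAnswers("Rack PDU model A", ["ethernet"], ["SNMPv2c", "HTTP"], []),
    VendorAnswers("UPS model B", ["ethernet", "rs-485"], ["Modbus/TCP", "Modbus RTU"], ["data diode"]),
    VendorAnswers("Thermostat model C", ["wi-fi"], [], ["firewall"]),
    VendorAnswers("Generator controller D", ["ethernet"], ["Modbus/TCP"], ["proprietary obfuscation"]),
]


def review_all(offers: list[VendorAnswers] = SAMPLE_OFFERS) -> dict[str, list[str]]:
    """Assess every offer and return findings keyed by device name."""
    return {o.device: assess(o) for o in offers}


if __name__ == "__main__":
    for device, findings in review_all().items():
        print(device, "PASS" if not findings else "FAIL")
        for f in findings:
            print("   -", f)
```

Of the four constructed offers only the UPS passes, because it names an accepted control for every unprotected protocol; the PDU fails for shipping SNMPv2c with nothing in front of it, the thermostat fails for leaving question 2 blank, and the generator controller fails twice because an unrecognised mitigation claim does not count until the vendor backs it with evidence.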

The important thing is that, by using NIST's standards, you are able to place the cybersecurity responsibility for every piece of IIoT equipment squarely on the vendors who supply it.  It is no longer acceptable in today's cyber-risk environment for a vendor to ship you a system with vulnerable communications and expect you to be solely responsible for securing that system.

Please think about these short but powerful rules that NIST has created.  We would be happy to discuss how we can work with your vendors in your efforts to ensure that all your IIoT systems are secured against hackers.

Until Next Time,

Be Well!


TRITON/TRISIS Malware and the IIoT

Greetings and welcome back.  This week, we look at a major topic in the news: TRITON/TRISIS Malware and the IIoT (Industrial Internet of Things).  To begin with, we would direct you to an excellent article on the subject by Kelly Jackson Higgins on  This provides a detailed view of this very significant piece of Malware and we believe it is a must-read for all who could be affected.  We will attempt to provide a quick-start look at this Malware in this blog and plan to follow up as things develop.


It is a targeted Malware that can allow the user to take control of a Tricon Safety Instrumented System (SIS) device made by Schneider Electric.  SIS systems are used primarily in process industries to act as a safety traffic cop against certain dangerous situations.  An example would be to open a pressure relief valve when pressure in a pipe becomes too high, or to turn on an emergency cooling system when the temperature in a process becomes too high.  SIS systems use real-time feedback from instruments placed at appropriate locations within a processing facility for the purpose of avoiding a disaster if some process moves outside its normal parameters.

The TRITON Malware was built specifically to target the Schneider Electric Triconex SIS controller.  It was written with deep knowledge of how the firmware and software for this system work, but it is unclear what the ultimate goal of TRITON was because it ultimately failed to execute a control command on the unit.  To put it simply, the Malware had the Triconex controller in its grasp but failed to actually harm it.

Because SIS systems are networked and, at some point, that network almost always touches the Internet, all SIS systems are ultimately part of the Industrial Internet of Things (IIoT).  Unfortunately, as the graphic below demonstrates, while the majority of companies see IIoT systems as security risks, the majority also believe they are not devoting the necessary resources to address the problem.

[Graphic: TRITON/TRISIS Malware and the IIoT – survey results on IIoT risk and resourcing]

In the first known case of an attack on a process facility, the problem was ultimately detected thanks to a FireEye security system, and the Malware at this particular site has apparently been neutralized.  Thanks to the openness of Schneider Electric in bringing this issue to public attention, users have the ability to be informed and to begin the process of adequately securing their SIS systems.  Therefore, SIS system users must begin learning and preparing to ward off potential attacks.

Who is potentially affected by TRITON/TRISIS?

Any organization that uses SIS systems is potentially affected.  This includes at least the following industry sites:

  • Power Plants
  • Oil and Gas Refineries
  • Chemical Plants
  • Pharmaceutical Plants
  • Water Treatment and Water Distribution Facilities
  • Electronics Manufacturing
  • Food Processing

These industries, as a whole, employ millions of individuals and contribute literally Trillions of Dollars in GDP each year.  Because of this, a Malware attack that targets one or more organizations could harm large numbers of people and could also cause major economic damage.  Because the Malware has such an enormous potential for harm, all organizations who are in these industries must take note and begin to prepare against the real potential of a cyberattack against them.

What is the future for TRITON/TRISIS Attacks?

This is a serious issue because the Malware itself was unfortunately released onto a public website and, from there, has been spreading rapidly.  Because of this, the well-developed code base is available to be used and perfected by just about any hacker or cyber criminal organization.  Just as Stuxnet was developed by a highly sophisticated organization to target Siemens centrifuges in Iran but was then released onto the Internet and used for other attacks, so too TRITON can now be used to target Triconex controllers around the globe.

What can be done to protect a plant from harm?

First and foremost, realize that cyber threats against your organization are very real.  Either a nation-state or a cyber criminal organization with vast resources spent enormous efforts to develop this Malware.  The fact that it only managed to cause a plant to be shut down and not destroyed only shows that this was a trial run.  The next time, a victim is not likely to be so fortunate.

Second, realize that the Industrial Internet of Things is every device that is connected to your network, and that, at some point, your network comes in contact with the Internet.  Because of this, every system connected to your network is a potential target.  Clearly, the user attacked by this first trial balloon of TRISIS had a well-developed perimeter firewall system, but the attacker was able to penetrate it and load their Malware onto the target SIS device.

Third, and most importantly, please understand that the old adage “An ounce of prevention is worth a pound of cure” is very true for cybersecurity.  If you believe that you can put off spending the resources to build an air-tight defense, you are likely to end up paying a very high price.  Further, because this is a critical safety issue, we are talking about human lives, not just money.

As practical steps, plants should:

  • Isolate each SIS system from your other networks
  • If your SIS controllers are self-contained (i.e., they need no outside software to operate), consider placing a data diode in front of each system to eliminate the possibility of an outside-in attack
  • If your SIS controllers require outside software for control commands, place a high-end firewall in front of the software system

Please think about these things and, if you would like to have a confidential discussion about your system’s security, please feel free to give us a call.  We’re happy to help.

Until next time,

Be Well!




Cyber Vulnerabilities in Server Room Monitoring Units

Greetings and welcome back!  This week we take a look at a very intriguing subject: Cyber Vulnerabilities in Server Room Monitoring Units.  Server rooms and network closets store and transport critical data to and from your site.  Because of this, it is common to purchase server room monitoring units or network closet monitoring units to monitor the critical power, environment and security in these rooms.  The problem is that these monitoring units can actually open up your data to hackers, more than offsetting the value of their monitoring data.

[Graphic: cyber vulnerabilities in server room monitoring]

To begin with, the standard form of communications for room monitoring units is SNMP.  As we have noted many times in this blog, SNMPv3 – the latest version of SNMP – has been hacked and no longer provides a safe means of monitoring communications.  This excellent presentation from Nigel Lawrence and Patrick Traynor of the Georgia Institute of Technology, shows how insecure this protocol has become.  It should not be surprising that SNMPv3 is no longer a secure communications option as the protocol was adopted over 15 years ago.  This legacy protocol creates the opening for vulnerabilities in server room monitoring.

To take a closer look at this problem, consider that products in this industry are made by a wide range of manufacturers and, not surprisingly, have a wide range of vulnerabilities.  Because SNMP units identify themselves, and because such units are easy to find on the Internet with the Shodan search engine, we were able to find hundreds of thousands of SNMP devices in the U.S. alone, most of them at end-user or customer sites and attached to cable modems.  Many of these devices are in small server rooms, network closets and remote network sites.  All of them are hackable by an individual of even modest skill.  All a hacker needs to do is use Shodan to home in on targets and then launch an attack.

[Graphic: Vulnerabilities in Server Room Monitoring Units]

So how do you fulfill your need to monitor your small or remote sites while ensuring their security at the same time?  Fortunately, that is the purpose for which AlphaGuardian was created.  AlphaGuardian provides products that create a stealth shield around any SNMP device while monitoring that device securely and pushing its data over encrypted communication to our secure cloud system.  That allows you to monitor any device, in any location, with total security.

Please think about this and if you would like to have a confidential conversation about securely monitoring your small rooms and remote locations, please give us a call.

Until Next Time,

Be Well!

Cyber Vulnerabilities In Healthcare Network Closets

Greetings and welcome back!  This week we take a look at a serious security problem: Cyber Vulnerabilities in Healthcare Network Closets.  This is a particularly troublesome problem for most every healthcare facility and one that needs to be considered carefully.

To begin with, electrical and network personnel segment network closets into two types of rooms:

  • Main Distribution Frame (MDF) – the central point where all network and telecom connections arrive at your facility
  • Intermediate Distribution Frame (IDF) – the individual network rooms located on floors throughout your facility

Your central MDF room and your distributed IDF rooms are the transit points for all of the data that travels within your facility.  That means that anyone who can gain access to one of these rooms has the ability to capture and even alter data as it travels through your network.  Because of this fact, the physical and cybersecurity of these rooms is hypercritical to the security of every healthcare facility.

An excellent study of over 100 network rooms in multiple buildings on a college campus was published by Nathan Timbs at East Tennessee State University.  In this study, an average of more than one security flaw was discovered for each network closet in service.  The reason is likely that network closets are often out of sight and out of mind and, hence, are given very little consideration for either cyber or physical security.  In fact, if you stroll around your facility on any given day, it would not be surprising to see a network closet simply propped open while a telecom or network worker is making changes to equipment or wiring in the room.

Perhaps the most damaging type of attack that has become all-too-frequent in MDF and IDF rooms is the cyber/physical attack where the hacker steals massive amounts of data.  Such was the case in one of the largest data thefts on record where an individual broke into network closets at Massachusetts Institute of Technology, connected a laptop to a network switch, and simply left the laptop in the room to gather enormous amounts of data.  This is a sad case for many reasons and makes for interesting reading.

Another type of attack that is becoming more frequent is the use of the network interface on a Rack Power Distribution Unit (PDU) or Rack Uninterruptible Power Supply (UPS) as a backdoor to the network equipment in the room.  A recent case that involved another serious data theft used just such a strategy, using a Rack PDU as a backdoor to reach the data within systems in the same room.  The data thief was outside the walls of the company's facility and still was able to navigate through the perimeter firewall and then use the Rack PDU as the foxhole from which to operate.  No one suspected anything until after the theft had been committed.

HIPAA regulations are explicit in their requirements for securing ANY room in which data is traveling or at rest.  HIPAA also requires the securing of all power systems within ANY room in which data is present.  The specific regulations in play for these requirements are as follows:

  • Physical Access Monitoring and Control – According to the Department of Health and Human Services, nearly half of HIPAA Security violations for 2016 involved breaches of physical security.  HIPAA regulations specifically define physical network security requirements, including Section 164.310, Facility Access Controls: “Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.”
  • Backup Power Monitoring and Control – Backup power is a necessity to allow the protection of and access to critical medical records in the event of a power blackout or other power event.  This requirement is described in HIPAA Security Section 164.308(a)(7)(ii)(C): “Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.  When a covered entity is operating in emergency mode due to a technical failure or power outage, security processes to protect EPHI must be maintained.”

At AlphaGuardian, we take the security of network IDF and MDF rooms very seriously.  Our RackGuardian unit was built as the only product on the market that provides full physical access security for any room while it also provides comprehensive security for all of the following areas:

  • Physical Security – RackGuardian integrates with any Wiegand-based card or biometric access system
  • Cybersecurity – RackGuardian's private network port is attached to each Rack PDU and UPS system in your room and provides a firewall that renders anything plugged into it stealth on your network
  • Operational Security – HIPAA requires that all power and related systems be monitored to ensure their uptime.  RackGuardian can monitor any SNMP or Modbus device and convert its data into encrypted streams which are pushed to our secure cloud service.

We would encourage each reader of this blog to contact us for a confidential discussion of securing your network closets.  Whether you have 2 closets or 2000, we can cover you and make all your network closets secure.

Until Next Time,

Be Well!

Cyber Vulnerabilities in Healthcare IIoT

Greetings and welcome back.  This week we look at Cyber Vulnerabilities in Healthcare Network IIoT.  This blog comes from a visit that I paid to a local healthcare provider, one of many of their offices in the Bay Area.  I jumped onto their public Wi-Fi network and then decided to do a Fing scan of the objects on that network.  Amazingly, there were hundreds of systems that should have been on a secured private network but were actually open for the whole world to see, right on the public network, as the screenshot from my iPhone shows below:

[Screenshot: Fing scan results – Vulnerabilities in Healthcare IIoT]

As it turns out, I was at another location of this same healthcare provider and saw the same problem.  There are switches, IP phones, tablets, refrigerators, medical equipment and just about everything else you can think of, all freely viewable on their public Wi-Fi network.  The open ports ran the gamut and created a situation where they are easy targets for someone with mal-intent.

This situation shows that, all too often, security for the IIoT – basically anything except computers – is not taken seriously.  Because of this, it should be no surprise that there are a growing number of HIPAA breach violations and an increasing number of lawsuits being filed by individuals who have had their privacy breached.  While such lawsuits must be filed in state court, they are very lucrative to attorneys and their clients, and the trend is only likely to grow.

It is critical for healthcare organizations to understand the hierarchy of IIoT systems and the harm that can be caused by a data breach or a cyberattack with the intent to harm patients.  This IIoT Pyramid clearly shows that all connected power and HVAC systems support the IIoT medical systems which, in turn, support the patients.  An attack on any layer of the IIoT can lead to more than data breaches; it can cause harm or even death to patients.

We urge all readers that are part of healthcare organizations to give one of our experts a call to have a confidential conversation on how we can make all of your IIoT systems stealth and keep them out of the reach of the bad guys.  It can give you the peace of mind that your systems, and most importantly, your patients – are safe.

[Graphic: IIoT Pyramid – Vulnerabilities in Healthcare IIoT]

Until Next Time,

Be Well!


Backup Generator Cyberattack Vulnerabilities

Greetings and welcome back. This week we begin a short series about Backup Generator Cyberattack Vulnerabilities.  Backup generator systems provide electric power when utility service is interrupted.  Diesel generators provide backup power for commercial buildings and data centers and are indispensable to keep operations functioning in a utility power outage.  The commercial market generates nearly $20 Billion in annual revenue to generator manufacturers and service companies.

Diesel generators must be monitored for their ability to generate power when needed and to ensure that, when operating, all systems are running within their defined parameters.  Unfortunately, diesel generator systems universally employ the Modbus protocol for their remote communications.  As regular readers of this blog know, Modbus is a protocol that is several decades old and has absolutely NO security.  This excellent white paper by Wei Gao and Thomas Morris from Mississippi State University discusses Modbus/TCP vulnerabilities in detail and makes an excellent primer for understanding the many different levels of Modbus vulnerabilities.

Modbus uses a master (the host computer) and slave (the device attached to the generator or other equipment so that it can be monitored) architecture.  Modbus has also been studied for its vulnerabilities in electrical grid-based systems by many organizations, including the California Energy Commission (CEC).  The CEC does not mince words with respect to the vulnerabilities posed to users of a Modbus-based system for electrical power operations:

“When the master sends a message to the field device, it needs to first authenticate the device from which it obtained the packet and then process the packet. Modbus protocol lacks this ability and hence middle man attacks can easily take place in Modbus.”

This means that every backup generator equipped with a remote monitoring system can be hacked by someone with even a low degree of skill.  Because backup generators play such a critical role in most commercial facilities, it is of primary concern to ensure that all generators used by a facility are monitored in a way which ensures full security of the generator itself and of all generator communications.
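As an added example (not AlphaGuardian code, and not a description of the CyberGuardian product), the following Python monitor shows the practical consequence of the CEC quote: because the Modbus slave cannot authenticate the master, the only place to enforce "who may write to the generator controller" is on the network in front of it, which is also the step the TRITON post above recommends for SIS controllers (isolate first, then put a firewall or data diode in front).  The monitor decodes the Modbus/TCP MBAP header and function code of captured requests and raises an alert when a request arrives from outside the control network, from a host that is not an approved master, or is malformed.  The control network, the master address and the captured frames are constructed for the example.

```python
"""Modbus/TCP request monitor enforcing an approved-master allow-list.

Added example for this post; not AlphaGuardian or CyberGuardian code. The
control network, master address and captured frames below are constructed.
"""
from __future__ import annotations

import ipaddress
import struct
from dataclasses import dataclass

MODBUS_TCP_PORT = 502

# Standard Modbus function codes, split by whether they change device state.
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   22: "Mask Write Register", 23: "Read/Write Multiple Registers"}


@dataclass
class Request:
    """One captured TCP payload from a client (master) to a device (slave)."""
    src: str
    dst: str
    dport: int
    payload: bytes


def parse_mbap(payload: bytes) -> dict:
    """Decode the 7-byte MBAP header plus function code; raise on malformed input."""
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto_id, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0:
        raise ValueError(f"protocol id {proto_id} is not Modbus (expected 0)")
    # The length field counts unit id + PDU, i.e. everything after byte 6.
    if length != len(payload) - 6:
        raise ValueError(f"length field {length} does not match {len(payload) - 6} bytes")
    return {"tid": tid, "unit": unit, "function": payload[7], "data": payload[8:]}


class ModbusPolicy:
    """Alerts on requests that the slave itself has no way to refuse."""

    def __init__(self, control_net: str, approved_masters: list[str]):
        self.control_net = ipaddress.ip_network(control_net)
        self.masters = {ipaddress.ip_address(m) for m in approved_masters}

    def evaluate(self, req: Request) -> list[str]:
        if req.dport != MODBUS_TCP_PORT:
            return []
        alerts: list[str] = []
        src = ipaddress.ip_address(req.src)
        if src not in self.control_net:
            alerts.append(f"HIGH {req.src}->{req.dst}: Modbus/TCP from outside "
                          f"control network {self.control_net}")
        try:
            pdu = parse_mbap(req.payload)
        except ValueError as err:
            alerts.append(f"MEDIUM {req.src}->{req.dst}: malformed Modbus frame ({err})")
            return alerts
        fc = pdu["function"]
        name = WRITE_FUNCTIONS.get(fc) or READ_FUNCTIONS.get(fc) or "unknown function"
        if fc not in READ_FUNCTIONS and fc not in WRITE_FUNCTIONS:
            alerts.append(f"MEDIUM {req.src}->{req.dst}: unexpected function code {fc} "
                          f"to unit {pdu['unit']}")
        if src not in self.masters:
            severity = "HIGH" if fc in WRITE_FUNCTIONS else "MEDIUM"
            alerts.append(f"{severity} {req.src}->{req.dst}: {name} (FC {fc}) to unit "
                          f"{pdu['unit']} from a host that is not an approved master")
        return alerts


# Constructed capture: an approved master, a rogue host inside the control
# network, a host outside it, and a corrupted frame.
SAMPLE_REQUESTS = [
    Request("10.10.1.5", "10.10.1.50", 502, bytes.fromhex("000100000006010300000008")),   # read 8 holding regs
    Request("10.10.1.5", "10.10.1.50", 502, bytes.fromhex("000200000006010600100001")),   # write reg 0x10 = 1
    Request("10.10.1.77", "10.10.1.50", 502, bytes.fromhex("00030000000601050000FF00")),  # coil on, rogue host
    Request("203.0.113.9", "10.10.1.50", 502, bytes.fromhex("000400000006010300000002")), # read from Internet
    Request("10.10.1.5", "10.10.1.50", 502, bytes.fromhex("00050001000601030000000A")),   # bad protocol id
]

POLICY = ModbusPolicy("10.10.1.0/24", ["10.10.1.5"])


def audit(requests: list[Request] = SAMPLE_REQUESTS, policy: ModbusPolicy = POLICY) -> list[str]:
    """Run the policy over a capture and return every alert raised."""
    return [alert for req in requests for alert in policy.evaluate(req)]


if __name__ == "__main__":
    for line in audit():
        print(line)
```

On the constructed capture the two requests from the approved master produce no alerts, the coil write from the rogue in-network host is rated HIGH, the read from the Internet address produces two alerts (segmentation breach plus unapproved source), and the frame with a non-zero protocol id is reported as malformed.  The same allow-list is what a firewall rule in front of the generator controller would express; the monitor is the detection side of that control.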

Our CyberGuardian unit was built specifically with security for critical power systems in mind.  The CyberGuardian system includes a Secure Monitoring Unit that creates a stealth network for your generator systems and also acts as a firewall to repel any attempts to communicate with your generator systems.  The CyberGuardian sends the data that it gathers from your generators to our Secure Cloud App, from which you can securely monitor your generators from any location.  The combination of Secure Monitoring Unit and the Secure Cloud App means that you can remotely monitor your generator without leaving the unit on an unprotected network.

Please think about this and, if you are ready, we would be more than happy to have a confidential discussion about monitoring your generator systems in a fully secured system.

Until Next Time,

Be Well!

Vulnerabilities in the Power Grid to a DER Cyberattack

Greetings and welcome back.  In the past two blogs, we have looked at the vulnerabilities of individual Distributed Energy Resources (DER) sites to cyberattacks.  In this week’s blog, we take a more macro view and explore the Vulnerabilities in the Power Grid to a DER Cyberattack.

To begin with, the North American Electric Reliability Corporation (NERC) owns the responsibility for the reliability and security of all bulk power generation and distribution in North America.  NERC understands very well that the rapid rise in DER power systems over the past 10+ years has fundamentally changed the way the grid operates.  In addition, they make it clear that the previous assumptions about how to deal with generation catastrophes have changed in ways that are not well understood at present, as can be seen in a statement made earlier this year:

“As the penetration level of DER increases, the classical transmission model of distribution system load (netted generation and load) is not valid; the unique characteristics of DER must be modeled separately.”  NERC, Distributed Energy Resources – Connection Modeling and Reliability Considerations, February 2017

NERC has been at the forefront of developing Cybersecurity standards for all power plants within their purview, including DER systems.  At a quick glance, the following standards for Critical Infrastructure Protection (CIP) have been laid-down by NERC:

  • CIP-002 Cyber Security – BES Cyber System Categorization
  • CIP-003 Cyber Security – Security Management Controls
  • CIP-005 Cyber Security – Electronic Security Perimeters
  • CIP-006 Cyber Security – Physical Security of BES Cyber Systems
  • CIP-008 Cyber Security – Incident Reporting and Response Planning
  • CIP-009 Cyber Security – Recovery Plans for BES Cyber Systems
  • CIP-010 Cyber Security – Configuration Change Management and Vulnerability Assessments

Clearly, NERC takes Cybersecurity seriously.  The problem is, with large DER systems owned by so many different groups, there is ample room for differences of opinion as to what these regulations mean and how they are to be enforced.

What I can say with assurance is the following:

There are THOUSANDS of DER sites that can be found on the Internet and VIRTUALLY ALL OF THEM ARE EASY PREY FOR HACKERS.

We did a search on the Shodan Search Engine and found over 2000 DER sites online and within easy reach of any cyber hacker.  This leads us to believe that many sites have already been compromised with the hacker or nation-state actor just waiting for the right time to make a move.  The move could be a Ransomware attack, an attack that shuts down the system or, even an attack that destroys the system.  In the end, there is no good outcome.

This is serious business and AlphaGuardian was created for just this purpose – to secure mission critical infrastructure from cyberattack.  We have a wealth of products and services that can help the smallest DER system to a larger scale DER company.  We welcome your confidential questions and look forward to discussing how we can solve your own DER security issues.

Until Next Time,

Be Well!



Energy Storage System Cyber Vulnerabilities

Greetings and welcome back.  This week we continue our series on Distributed Energy Resources (DER) cyber/physical vulnerabilities as we take a look at Energy Storage System Cyber Vulnerabilities.  Energy storage systems are predominantly battery systems that are charged during periods of DER generation when a plant's energy production exceeds its demands.  That stored energy can then be released at other times when the demand for energy from that plant exceeds its production.  A classic example of this is a solar plant which produces significant amounts of energy during daylight hours and nothing at night.  So, a battery-based energy storage system can be charged with the excess energy from solar production during the day, and that battery system can release its energy during non-production hours at night.

Monitoring for battery-based energy storage systems, together with their sister technologies – battery backup systems for rectifiers, uninterruptible power supplies, etc. – standardizes on the Modbus and/or SNMP communication protocols.  As regular readers of this blog know, both of these protocols are easily hacked by persons of even modest skill.  Modbus has absolutely NO encryption or passwords, which means that anyone can see Modbus communications traveling over a network as clear text.  It also means that anyone can see the type of device involved and can send commands to that device to cause any type of havoc that a hacker desires.  As an example of how an extremely serious situation can ensue if someone takes over the Modbus communications to a battery storage system, the following warning from a manufacturer speaks volumes.

[Image: manufacturer warning – Energy Storage System Cyber Vulnerabilities]

Because energy storage systems store very large amounts of energy and can deliver very high currents, the ability to discharge or otherwise alter these systems unexpectedly can have serious consequences, including serious injury or death if a person is in proximity to them.  This reason alone should be enough for any owner or operator of even a modest-sized battery string to protect the system from cyber attacks.

The other protocol often used in an energy storage system is SNMP.  As we have mentioned in previous blogs, SNMPv3 is the latest version but, at over 15 years old, the security available in this communication protocol has long since been compromised.  An excellent paper from the Georgia Institute of Technology on this subject can be seen here and should be reviewed by anyone who is using an SNMP device that includes batteries for energy storage or power system backup.  These devices automatically broadcast their presence, brand name, model and location with no security whatsoever, as can be seen in the following screenshot taken from a Shodan Internet search.

Energy Storage System Cyber Vulnerabilities

As you can see, this search leaves little to the imagination.  In the case of this particular device, anyone can actually reset the unit, create their own user credentials and lock out the actual user to set up a ransomware scenario.  We saw in the case of Modbus communications that a manufacturer advises that human life can be jeopardized.  Here, in the case of SNMP, we see a real-life example of a battery system where a hacker could take over one or even hundreds of sites and hold them for ransom, with the owner having little chance of regaining control of the systems.
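The SNMP exposure described above can be checked on your own management network rather than waiting for it to show up in a Shodan search: capture the traffic on the battery/UPS segment and classify each datagram by SNMP version and, for v1 and v2c, by the clear-text community string it carries.  The following Python script is an added example written for this post; it is not CyberGuardian code and not a tool published by any vendor.  The BER decoding follows the SNMP message layout in RFC 1157 (v1/v2c) and RFC 3412 (v3 header); the two sample datagrams, the "weak community" list and the high/medium/low risk labels are constructed for the demonstration.

```python
"""Classify SNMP datagrams by version and security posture.

Run over a capture from the battery/UPS management VLAN, this tells a
defender which devices still answer SNMPv1/v2c (community string in clear
text) and which SNMPv3 exchanges actually carry the auth and priv flags.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed defaults (assumption): vendor-shipped community strings that
# should never be seen on a production segment.
WEAK_COMMUNITIES = {"public", "private"}


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


@dataclass
class SnmpSummary:
    version: str               # "v1", "v2c" or "v3"
    community: Optional[str]   # clear-text community for v1/v2c, else None
    auth: bool                 # v3 msgFlags authFlag
    priv: bool                 # v3 msgFlags privFlag
    risk: str                  # "high", "medium" or "low" (constructed labels)


def classify_snmp(datagram: bytes) -> SnmpSummary:
    """Read only the message header: version, then community or v3 msgFlags."""
    tag, body, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing; not an SNMP message")
    tag, ver_raw, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver_raw, "big", signed=True)

    if version in (0, 1):              # SNMPv1 = 0, SNMPv2c = 1
        tag, community_raw, _ = _read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("community OCTET STRING missing")
        community = community_raw.decode("latin-1")
        risk = "high" if community in WEAK_COMMUNITIES else "medium"
        return SnmpSummary("v1" if version == 0 else "v2c", community, False, False, risk)

    if version == 3:
        _, global_data, _ = _read_tlv(body, pos)       # msgGlobalData SEQUENCE
        _, _, p = _read_tlv(global_data, 0)            # msgID
        _, _, p = _read_tlv(global_data, p)            # msgMaxSize
        _, flags_raw, _ = _read_tlv(global_data, p)    # msgFlags OCTET STRING (1 byte)
        auth, priv = bool(flags_raw[0] & 0x01), bool(flags_raw[0] & 0x02)
        risk = "low" if auth and priv else ("medium" if auth else "high")
        return SnmpSummary("v3", None, auth, priv, risk)

    raise ValueError(f"unsupported SNMP version {version}")


# --- constructed sample datagrams (assumption: not captured from any real device) ---
def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag, len(payload)]) + payload        # short-form length suffices here

def _int(value: int) -> bytes:
    size = max(1, (value.bit_length() + 8) // 8)       # leading zero keeps it positive
    return _tlv(0x02, value.to_bytes(size, "big"))

SYS_DESCR_0 = bytes.fromhex("06 08 2B 06 01 02 01 01 01 00")   # OID 1.3.6.1.2.1.1.1.0
_GET_PDU = _tlv(0xA0, _int(1) + _int(0) + _int(0) +            # request-id, error-status, error-index
                _tlv(0x30, _tlv(0x30, SYS_DESCR_0 + b"\x05\x00")))
SAMPLE_V2C = _tlv(0x30, _int(1) + _tlv(0x04, b"public") + _GET_PDU)

# SNMPv3 header with msgFlags = authPriv (0x03) and security model USM (3); the
# security parameters and encrypted scopedPDU are stand-in bytes, since only
# the header is read.
_GLOBAL_DATA = _tlv(0x30, _int(7) + _int(65507) + _tlv(0x04, b"\x03") + _int(3))
SAMPLE_V3 = _tlv(0x30, _int(3) + _GLOBAL_DATA + _tlv(0x04, b"\x00" * 4) + _tlv(0x04, b"\x00" * 8))

if __name__ == "__main__":
    for name, pkt in (("v2c sample", SAMPLE_V2C), ("v3 sample", SAMPLE_V3)):
        print(name, classify_snmp(pkt))
```

The script deliberately stops at the header: for triage you only need to know which devices are still reachable with a clear-text community string, and which v3 sessions run without authentication or privacy.  Feed it the UDP payloads of port 161/162 traffic from a span port or a pcap, and the "high" entries are the units to reconfigure or isolate first.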

Clearly, energy storage systems are vulnerable to hackers and must be protected.  Our CyberGuardian product was developed from the ground up to protect Modbus- and SNMP-based systems from hackers.  CyberGuardian locks out the bad guys with its patented data-diode communications technology.  At the same time, it monitors your energy storage systems and communicates all of their parameters to our secure cloud system.  From the cloud, you may view and monitor your systems from any location with full security.  You can also have our cloud system send your data to any other third-party cloud-based monitoring system with complete security.

Please think about these things and, if you would like to have a confidential discussion about securing your energy storage systems, please feel free to give us a call.  We’re here to help you.

Until next time,

Be Well!

Distributed Energy Resources – DER Cybersecurity

Greetings and welcome back.  This week we begin a series about Distributed Energy Resources – DER – and Cybersecurity.  This is a key topic for everyone involved in power generation, as DER sites become more and more important in the overall picture of energy generation.  DER systems include generating systems such as solar and wind plants as well as energy storage systems.  Because solar and some wind systems produce power only during daytime hours, energy storage in batteries and other systems allows the excess energy they produce to be used during the evening and nighttime.

Solar plants are extremely vulnerable to remote cyberattack.  The reason is that almost all solar facilities are remotely managed via cloud or centralized software located away from the solar plant.  While one might think that solar plants have some basic security on the link from the plant to the remote site, this would be a wrong assumption.  In fact, in a scan using the Shodan search engine, we found many thousands of solar inverters, over 2,000 of which were large commercial sites.  In virtually all cases, there was no firewall protection of these systems.  In the cases where a firewall was present, we were often able to see right through the firewall as if it didn’t even exist.

DER Cybersecurity

Why are inverter and energy storage systems so easy to find on the Internet?  A primary reason is that these systems standardize on protocols which have little or no security whatsoever.  In the case of inverters, the SunSpec Alliance – a group of solar equipment manufacturers – has chosen to standardize communications on the Modbus protocol.  What is particularly ironic about this choice is that the California Energy Commission’s Guide to Smart Grid Best Practices specifically warns against the use of unprotected Modbus, as follows:

The Energy Commission goes on to say that any Modbus installation must be secured at the source – the Modbus devices themselves.  Our CyberGuardian system was built with this purpose specifically in mind.  CyberGuardian monitors and creates a stealth shield around any Modbus/IP or Modbus/Serial device, which makes it unique in the industry.  The unit also encrypts and pushes the data from inverters and other systems to our secure cloud system.  From that point a user can choose to use our cloud interface or can relay the secured information to their own cloud system provider.  In either case, you remove the ability to remotely hack your solar inverters and systems, and you still get to securely see and use the data in your choice of cloud formats.
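Both posts above make the same point about Modbus: the protocol has no authentication, so a battery controller or inverter cannot tell an operator's write from an intruder's.  Until the devices are shielded at the source as the Energy Commission recommends, a passive monitor on the inverter or battery network can at least raise an alert the moment a write command (or a device-identification query) arrives from a host that is not an approved engineering workstation.  The following Python script is an added example written for this post; it is not CyberGuardian's code and not a SunSpec Alliance tool.  The MBAP header layout and function codes are standard Modbus/TCP; the allowlisted address 10.0.5.10, the foreign address 203.0.113.7 and the three sample frames are constructed, with register 40000 (0x9C40) chosen because it is the usual SunSpec base address.

```python
"""Passive Modbus/TCP triage for a battery or inverter network segment.

Modbus/TCP carries no authentication, so a monitor cannot ask "who is
allowed to send this?".  It can decode every request, though, and raise an
alert when a write arrives from a host that is not on the allowlist.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Constructed allowlist (assumption): the one host permitted to change setpoints.
ALLOWED_WRITERS = {"10.0.5.10"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]   # starting coil/register for FC 1-6, 15 and 16
    alert: Optional[str]     # None when the request is expected


def parse_modbus_tcp(src_ip: str, frame: bytes) -> ModbusRequest:
    """Decode the MBAP header and function code of one Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    transaction_id = int.from_bytes(frame[0:2], "big")
    protocol_id = int.from_bytes(frame[2:4], "big")
    length = int.from_bytes(frame[4:6], "big")     # bytes that follow this field
    if protocol_id != 0:
        raise ValueError("protocol identifier must be 0 for Modbus/TCP")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match the frame size")
    unit_id, function = frame[6], frame[7]

    address = None
    if function in READ_CODES or function in WRITE_CODES:
        address = int.from_bytes(frame[8:10], "big")

    alert = None
    if function in WRITE_CODES and src_ip not in ALLOWED_WRITERS:
        alert = (f"{WRITE_CODES[function]} (FC {function}) to unit {unit_id} "
                 f"at address {address} from unlisted host {src_ip}")
    elif function == 0x2B and src_ip not in ALLOWED_WRITERS:
        # FC 43 (Read Device Identification) returns vendor, product code and
        # firmware revision with no credential, which is how units get fingerprinted.
        alert = f"device identification query (FC 43) from unlisted host {src_ip}"
    return ModbusRequest(transaction_id, unit_id, function, address, alert)


def triage(events: List[Tuple[str, bytes]]) -> List[str]:
    """Return the alert text for every request that warrants attention."""
    return [r.alert for r in (parse_modbus_tcp(ip, f) for ip, f in events) if r.alert]


# Constructed sample traffic (assumption): three requests as a span-port sensor
# would see them, (source IP, TCP payload).  0x9C40 = 40000, the SunSpec base.
SAMPLE_FRAMES: List[Tuple[str, bytes]] = [
    # engineering host reads two holding registers from unit 1: expected
    ("10.0.5.10", bytes.fromhex("0001 0000 0006 01 03 9C40 0002")),
    # unknown Internet host writes a single register: must alert
    ("203.0.113.7", bytes.fromhex("0002 0000 0006 01 06 9C50 0000")),
    # engineering host writes two registers (FC 16): expected
    ("10.0.5.10", bytes.fromhex("0003 0000 000B 01 10 9C50 0002 04 0001 0002")),
]

if __name__ == "__main__":
    for line in triage(SAMPLE_FRAMES):
        print("ALERT:", line)
```

The length check matters in practice: a monitor that trusts the MBAP length field blindly can be desynchronised by a malformed frame and miss the write that follows, so a mismatch is treated as an error rather than silently skipped.  Because Modbus gives the monitor nothing else to go on, the source address allowlist is the whole policy; that is exactly why the Energy Commission's advice to secure the devices themselves, rather than relying on watching the wire, is the right long-term answer.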

Think about this; we would be more than happy to have a confidential discussion and to work with you to secure your valuable solar energy plant.

Until next time,

Be Well!