Today, we’re talking with one of those companies, WIN-911.
WIN-911’s Cody Bann talks with us about how companies can not only improve their cyber security, but also mitigate their risks for cyber-attacks. We then shift into a conversation about how tools like remote alarm notification software can help reduce cyber-attacks in processing facilities.
We’re then joined by Ozarka’s Trey Mixon, who explains how this Blue Triton brand out of Texas is using WIN-911’s remote monitoring tool and why it’s critical for them in keeping up with their real-time and long-term monitoring data.
Trey then offers an example of an emergency that was averted because of the Remote Alarm Software before explaining the advantages the software provides him and his team when they’re not on site.
Transcript
Food Processing: I think a lot of people hear cyber security and think of computers being hacked. There are a lot more nuanced cybersecurity concerns processors should be worried about. What's a step a manufacturer could take to improve their cyber security?
Cody Bann: Recently ransomware attacks have increased quite dramatically. A ransomware is a type of malware that locks down access to files or the computer OS itself until a monetary ransom is paid. And it can absolutely grind your operations to a halt. We saw this famously with Colonial Pipeline last year. A more recent survey by Sophos showed that two thirds of organizations were hit by at least one ransomware attack, and nearly half of those paid the ransom. So if you haven't been hit yet, you're in the minority and the financial incentives are only going to make this much more of a problem for everyone moving forward. Looking at your question from the current events' perspective, I think the best remedy for ransomware is preparing continuity and disaster recovery plan, making the backup so that you can avoid the ransom and the downtime.
And the good news is that there's a variety of reliable, inexpensive offsite backup solutions to consider, so this is easily actionable. If your organization doesn't have a solid disaster recovery plan in place, you should absolutely raise that concern. Also, a lot of those attacks start from phishing or watering holes, and so educating and reminding employees to be vigilant is a good idea and it's also easy to implement. Cybersecurity training courses are readily available.
A timeless recommendation would be to keep your software updated. Those of us who build and maintain software for a living know how important that is. The more critical an application is to your process, the more important it is to make sure that it's running the latest stable version, operating systems and SCADA systems, especially.
Unfortunately, running antivirus software on a machine doesn't magically plug holes in vulnerable applications, so those need to be remedied with patches and with upgrades. And those require planning and they consume IT and OT resources. By preparing an inventory of such systems and the applications in use, that's easily actionable and it can help prioritize such upgrades.
Finally, I think another step you could take is just to review your password policies. Avoid sharing passwords between users and employ two factor authentication wherever possible, and where not possible use strong passwords and change them periodically. Importantly, retire credentials when personnel exit the organization and avoid the laziness of granting users more permission than they need.
FP: It's great that manufacturing plants are adopting more smart technologies to increase production and efficiencies, but doesn't that escalate the risk for cyber-attacks?
CB: Yes, fundamentally that's true. That underscores the importance of including IT and OT considerations and the cost benefit analysis. You want to consider total cost of ownership, including proper maintenance, those updates, those patches, and taking the time to integrate the technology properly as well. And those considerations sometimes get left out and cutting corners increases risk.
It's sometimes wise to expedite deployment to demonstrate efficacy, but once that's demonstrated it should be pretty easy to justify reviewing the integration and the maintenance plans to ensure low risk. But the IT OT convergence is here, it's not going away. I'm sure that's something Trey is keenly aware of. Companies have seen gains in shifting IT resources to the cloud, and they're now wanting to realize the same gains with OT computing resources. And it's that incentive that's driving OT software to the cloud and to connect with the cloud and to communicate over more open standards. But the air gaps are largely going away, and that creates the potential to process that previously siloed data for greater productivity, but it also increases risk to real physical assets. So management absolutely has to be mindful and to encourage mindfulness regarding such risk to ensure their proper mitigation.
FP: I've heard that tools like remote alarm notification software can help reduce cyber-attacks in food processing plants. Can you tell me more about that?
CB: It goes back to the principle of least privilege. In an attempt to offer process and asset information to operators, especially remote operators with the pandemic, organizations have provided much more. Ignoring the principle of least privilege and opening their entire control systems, their host computing environment to remote desktop access by frankly unnecessary parties. There's nothing wrong with making a tool like TeamViewer, Remote Desktop available to IT administrators, assuming it's properly secured and updated, but it's certainly much more than OTs, it's much more than those remote operators need. Those are different roles, they have different privilege requirements.
And the lazy approach really allows remote operators access to what they need, but it carries the additional risk of exposing a lot of access they don't need. So such broad access techniques really present an increased security risk for organizations. Oldsmar, Fla. saw this last year with a malicious hacker gaining access to SCADA at their water treatment plant via TeamViewer. And the hacker raised sodium hydroxide levels to lethal levels. Fortunately, a local operator noticed and acted quickly, but it raises the question, why a remote operator should even be able to do such a thing? With a classic case of making a good solution for local operators in IT, just far too accessible, overexposing that.
Even when remote desktop access is done right for IT, it's not even a very good solution for remote operators. You're essentially asking them to keep a remote desktop window open and to sit there and watch it, to monitor it for events of interest to them. And instead of hoping that they remain vigilant and recognize the signal through all the noise, Remote Alarm Notification Software really proactively notifies the right people at the right time and provides them with the information from the SCADA that they need to do their job without exposing the entire SCADA system to them. It's much more efficient and much more secure.
WIN-911's Remote Alarm Notification Software can be deployed to your IT control network for access to a SCADA. And it can still communicate securely with local communication channels without exposing your control network. And if you don't want to use such channels, then WIN-911 can fit your existing network topology and be distributed across up to three network layers. And from an outermost layer, it can communicate securely to email, SMS and VoIP servers, as well as the window and mobile cloud for smartphone and tablet notification. So a multilayered network with multiple firewalls between the cloud and the control network is always a good idea. And robust applications like WIN-911 are going to embrace that, they're not going to demand security compromises.
FP: Trey, what did Ozarka do before remote alarm notification software was integrated with your SCADA system?
Trey Mixon: Prior to that, the company has gone through no network and local relay control to local network and HMI control and local alarm annunciation, all the way to our present state with a remote access VPN network and remote alarm notifications.
FP: What was the impetus for the company's decision to integrate these two systems?
TM: I'm accountable for the conservation stewardship and the sustainable operation of three spring sites that supply four factories here in Texas, spread across a vast geography and manage over 12,000 acres with a team of two. So the remote access is absolutely critical so that we can direct our resources to the most appropriate place along with our preventative maintenance program. And then as well as being able to react as absolutely quickly as possible to any change in our sustainable process conditions.
FP: Can you explain how remote monitoring is being used both in Ozarka's field operations and in the processing plant?
TM: The remote access is absolutely critical for us to keep up with our real time and our long-term monitoring data. We are enabled to visit remotely the sites multiple times a day through remote access, combined with our video security monitoring to evaluate the data trends that are critical to our operation. We can then detect and adjust operations for spring flows, aquifer conditions, meteorological or climate changes, site security and the operations' data. All of this is critical as our remote sites then have a logistics piece to be able to serve my customers, the factory. We're a 24/7, 365 day a year operation, downtime is very important to us as time is money. And the remote monitoring, and particularly the remote alarm notification, make sure that we're able to respond as rapidly as possible.
FP: Can you give an example of an emergency that was averted because of the Remote Alarm Software?
TM: Absolutely. We run into issues with monitored water level, flow, pressures, et cetera, throughout the year, but oftentimes it's our precursor alerts that we're able to set based on key performance indicators for our sites. We can basically utilize the remote monitoring and remote notifications to identify when we have a sentinel event, something that we're looking for, whether that be drought or low pressure. And so, for example, we've had a number of instances where we've had a relief valve fail and immediately we get a low pressure in a pipeline and we get a remote notification almost instantly by text or within a couple minutes via email. And we're able to respond to the site, make the appropriate adjustments or initiate field repairs as soon as possible.
FP: What advantages does Remote Alarm Notification Software provide you and your team when you're not on site?
TM: Well, we'd like to say it frees us up to do other more important things or spend time with our families on work life balance. But again, there's two of us, 24/7, 365, and the remote notification is critical to help us manage our time. We are dedicated to our most important preventative programs first and foremost, and the remote notifications allow us to divert change and adjust as needed to keep our operations flowing.
