The Cybersecurity "Chicken Coop"
- Dennis Fairchild April 8, 2021
It’s been said, “What is old is new again.” For many people who grew up in rural areas, raising chickens was a way of life. Over the past several years, the popularity of self-reliance and organic food sources has made raising chickens popular again. Those of you familiar with cybersecurity and chickens will quickly see the parallels between the two. I initially thought of comparing the construction, operation, and maintenance of a secure network to a medieval castle. However, I quickly realized this would only perpetuate the concept of invincibility many IT/OT professionals maintain of their networks. The more I researched and evaluated various network configurations and notable high-profile network attacks, the more I realized cybersecurity was most like taking care of the chickens on my grandparents’ farm.
You can think of your company facilities or your clients’ locations as the “Chicken Coops”. In these locations you are holding valuable information, the eggs. You also have work processes in place that generate revenue (e.g. process control, financial data, business analytics, etc.) for the company. These are the chickens. The idea of building a “Coop” is to have an area that is secure for your work processes to function without interference from the outside world. The goal is to have a safe place to utilize the data your organization has generated and turn that data into a valuable product.
How do you create a strong and secure Coop? Access control is the primary means of securing your data to ensure nothing gets in or gets out that is not supposed to. Just as you would limit access of people or animals into your chicken coop, so too should you limit access to your data and work processes. Who really needs to be inside gathering or manipulating your data? Who or what processes should be adding to or removing data from your facilities? Firewalls and security procedures are key to building a strong defensive perimeter to secure your data.
The “Demilitarized Zone” (DMZ) got its name from the border between North and South Korea. The application of a DMZ in a network is like having two gates around your Coop. The first gate allows access into the DMZ. The second gate allows access from the DMZ to your protected network. The great thing about this is that the rules can be applied to traffic in both directions if you wish. It is like having multiple gates around the chicken coop: if something tries to sneak past you at the first gate, hopefully you can catch it before it can make it past the second gate and get to your chickens and eggs.
Who is after your eggs?
Just as snakes, foxes, and raccoons will attempt to get into your Coop, so too do hackers, cyber-criminals, and foreign cyber-entities look for ways to access your data. If you’ve ever maintained a chicken coop for any length of time, you know it doesn’t take long to learn the headaches of maintaining security. Once you’ve built a secure perimeter and have everything locked down, this is only the beginning of your cybersecurity journey. Things change over time. New holes will be found. Systems will break. Someone will leave an open door that allows unauthorized access. Your adversaries will not rest. They will work long into the night when you are sleeping. They will try and try again at new locations, at different access points, or on different devices. Cybersecurity is a never-ending journey in which you should EXPECT to have failures.
Today’s cyber-criminals are more like the snake that silently slips into your network and slithers around undetected. Once an attacker has penetrated the security perimeter, they will search out valuable information and other potential compromises to your network security. In many of the reported breaches, investigations found that the intruders had been inside the network for several months before they were detected. Once the intruders believe they have fully reconnoitered your systems, they will decide what actions to take next. They might simply slither away and save their access point for future investigation or as a jumping-off point to another system they are attempting to compromise. Or they might attempt to gain a financial reward from your organization by locking up the data and shutting down your processes. Some will seek to cause damage, either to the computers and devices connected to the network or by disabling the work processes that are being run through the network.
Just as a raccoon might kill every chicken in a coop that it gets into, the same consideration is required when configuring your network. Maintaining layers of security and segmentation of process areas can help to limit the spread of the damage when a breach does occur. Most security breaches are not a hard and fast attack, as the movies portray them, but a slow and methodical investigation of what is available to the intruder. Segmentation between your business networks and your process networks is getting harder and harder to maintain. Application of the principles of IEC 62443 can help with your network design and configuration. With the increasing desire for more business intelligence and the means to monitor workflows in real time, access to process data is now an essential function. When building your networks for secure data transfer, consider options, like OPC UA, that pass data securely from the processing area to a business data server for further distribution through the business network.
Farm Hands, Dogs, and other Barn Yard Animals
Everyone knows that good help is hard to find. The same is true in any organization or on the farm. Your company’s personnel are the “farm hands”. They help take care of the processes, perform repairs, and help get your products to market. The problem is they can also be one of your biggest liabilities. Social engineering is one of the most used means for cyber-threats to enter your network. Given the broad range of experience and knowledge a work force might have, the potential for human error is enormous. That is what the threat actors are counting on. This is where consistent training on sound physical and cybersecurity practices is critical to your organization’s security success. Even members of “the family”, those you would trust with your life, could accidentally cause a cyber-incident. Things as simple as poor password choice, exposed hardware from a testing network, or accidentally leaving a door open could be the opening an attacker might use to gain access.
Another concern with your company’s personnel is that they could turn on you. Members of your organization, contractors, and service providers could steal information or create weak points in your systems that would allow unknown entities access to your networks. No one wants to be suspicious of those around them, but "Insider Threat" is not something to be taken lightly. One day, in Kentucky during “The Depression”, when my Grandmother was a child, she noticed one of her favorite chickens was missing. Her brothers and sisters looked everywhere for it. After a while one of her brothers found a pile of red chicken feathers and the remains of a small fire up in the holler from their farm. Insider Threat is real. You never know who might create a security issue with your networks.
Cybersecurity professionals and Security Information and Event Management (SIEM) may detect suspicious activity before a breach occurs and can help to investigate where the activity is coming from, much like having “farm dogs” around. The problem with “farm dogs” is some bark all the time. This can lead to an over-worked security team that is constantly chasing potential threats. With repeated false alarms, a security team can be lulled into not trusting the SIEM reports, much like “the boy who cried wolf”. Another issue with “farm dogs” is that some are just lazy. While highly competent and knowledgeable about potential threats and protection strategies, they dismiss the threat potential and are happy to “sleep under the porch” until something bad happens.
Another creature of the “Cybersecurity Chicken Coop” is the “Rooster”. The rooster is quick to “over-report” every incident to management to puff out their chest and strut around the conference room “crowing” to everyone how they saved the “farm”. Transparency about the facility’s current cybersecurity status is paramount to utilizing the company’s resources in the most effective way. However, “Chicken Little” behavior only distorts the real threat to company assets and can lead to wasteful spending and mismanagement of personnel. Be prepared for a battle of ego and position when the Rooster’s opinions are questioned.
Change in the Weather
Being prepared was a concept driven into my head by my Grandfather. Trying to look ahead and expect areas of potential problems was something he always considered. Your network processes are vulnerable to many of the potential threats described above. Preparation for incidents and failures is paramount to your network’s success. Having off-line copies of the operating software readily available and archived historical data to restore lost data is a bare minimum. An area of concern many practitioners overlook is failures outside of your area of control. Does your organization have Uninterruptible Power Supplies (UPS) for the servers and networking devices that support your processes? Do you have an alternate means of passing data outside of your facilities if your primary Internet provider’s network goes down? Do you have a means to historize and capture data that could be transferred to other locations once the network connections have been restored? Just like having a storm cellar for when the weather turns bad or a “rainy day fund” to help cope with unexpected events, being prepared for system failures can be a life saver.
The Good Ol' Boys
It seems that every day a new Cybersecurity Vendor, Network Provider, or Standards Organization pops up with ideas, suggestions, and recommendations of how to build, operate, and maintain your networks. These remind me of the “good ol’ boys” at the local gas station / feed store that sit around and talk about who has the best chickens or if someone spotted a fox, coyote or bobcat in the area. While many of these providers are knowledgeable and all are offering some type of assistance, the “chatter” can be overwhelming. Every day there is a new email or presentation on Network Design, Cybersecurity, or the latest Cyber-incident. Sorting through all the bulletins and vendor presentations can be a full-time job. Researching and understanding your network’s configuration, preparing for your future needs, and monitoring the system performance are key components of the care and feeding of your networks. While I like a tall tale or two about the good ol’ days, sometimes you have to step back and decide what’s best for you and your organization.
Building and Securing your Coop
At IOT Integration Services we can build, upgrade, and maintain your business and control system networks. We can provide technical assistance with the applicable network standards your organization needs to follow. We can also design and install an entirely new network from the ground up to meet your needs.
Email email@example.com or call our office at (713) 588-9556 to schedule an appointment to learn about the various services that IOT Integration Services can provide for your organization.
What makes a Smart Process, Facility, Company?
Dec. 26, 2020 - Dennis Fairchild
A smart company doesn't become "smart" overnight - it's a continual process. There are many interpretations of a smart company, such as:
A smart company provides open data
A successful smart company needs the involvement of stakeholders
A smart company is connected
1. Open Data
Sharing data is essential for a company to be smart. However, it’s not just sharing data within the company but also sharing data between companies. It can benefit employees, the independent industry, external industries, businesses large and small, and other public and private sectors. It’s not possible or expected that all process data should be released to everyone. Smart companies will have the capability to integrate and make data available from many different areas when needed. The sharing of data can result in better productivity, reduction in waste, improvements in employee health and safety, and many other benefits.
2. Collaboration and Involvement of Stakeholders
Smart companies should be designed to benefit all of the employees. They should have visible results for hourly workers and the organization's management staff. Some of the benefits will be immediately obvious to the employees; others, in areas like employee health, may take longer to realize. Monitoring Production Rates and Maintenance, Repair and Operation (MRO) costs are two examples of smart company development. Sharing information - like machine production efficiency - is an immediate result. Knowing exactly how much product is being produced across a fleet of machines, plants, and companies at any time opens opportunities for companies to give the information directly to the employees/owners/shareholders.
Counting employees in a building or processing area informs the company of the number of people on-site and tracks them by the time of day. The data helps operational costs by comparing production rates with the number of employees assigned to the work center. It also enables near real-time modification of the facility services required across the organization. With the changes in an organization's operating practices initiated by the recent pandemic, live occupancy figures for each facility can be compared against infection rates and available workforce with other facilities.
The smart company data helps quantify the decisions for production improvements, renovations, and retirements of inefficient processes. It shows the use of raw materials for production systems, distribution costs, and reveals the facilities that require a higher degree of MRO expenditure to achieve the same output. Creating a company that uses technology to meet the complex needs of its employees and drives productivity and revenue for the organization as a whole is a long and difficult process. The continual collection of data enables the process analysis to change over time. The analysis is able to be refined and modified as the data trends mature.
Asking all levels of employees in the organization which projects are most important to them helps company management decide the direction of the growth of a smart company. As with any project – getting “buy-in” from those most affected makes integration and completion much easier.
3. Understanding the Technology behind Smart Company Connections
For a company to be smart it needs to be connected. It needs the digital infrastructure to transmit the company data and make it available to interested parties. For example, sensors and devices around the company might collect data and upload it wirelessly to "the cloud". These cloud services process the data and then make the information available to those who need it in the format they need it. The smart company needs to be built with a scalable framework of the information systems so they can be easily expanded as it needs to grow.
Adaptation from “What makes a City Smart?” By Urban Sensing www.urbansensingltd.com