Years back, people loved the idea of putting Operational Technology (OT) equipment with a web interface on the network: seeing more data was a GREAT idea. It turns out it was not such a great idea. If an ethernet cable connects to a device, IT/Cybersecurity sees it as an issue. Risk management will always be an organic process with field devices, because they are not the same as IT devices. Reduce the cyber risks of operational technology devices with these six recommended steps.
Ways to reduce your cyber security threats with Operational Technology (OT) devices
I have listed below six steps to reduce cyber risks with Operational Technology devices. Most OT devices run on firmware, which is why they pose less risk than IT devices.
1. Change the default username and password!
- Whenever hackers can see a device's webpage, they can look up the default credentials for it
- When setting passwords, use uppercase, lowercase, a number or two, and the AWESOME non-standard character
- With this in mind, the longer the password, the safer you are
2. Keep the information secured for OT devices!
- Keep the usernames and passwords secured, and do not let them become common knowledge with your vendors
- Changing the password frequently will help keep the equipment safe
- Use a secured vault program for your password repository
3. Disable Network Ports to Harden Security!
- A large number of field devices run firmware, so fewer ports are exposed
- FTP/SFTP (ports 21 and 22), telnet (port 23), HTTP (port 80), and even HTTPS (port 443) can be targets
- If SNMP v1 (port 161) needs to stay, change the public and private community strings if they are still the defaults
- Better still, SNMPv3 uses encryption and is the safest method for SNMP data
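As an added example (not from the original post), here is a small Python check a defender can run over captured UDP/161 payloads to find devices still answering with the default community strings. It parses the SNMPv1/v2c message header, where the community string travels in cleartext, which is exactly why step 3 says to change it. The sample packets are constructed inside the code, not captured from any device.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # vendor defaults step 3 says to change

def _read_tlv(buf, pos):
    """Read one BER TLV starting at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_header(packet):
    """Return (version, community); community is None for v3, result None if malformed."""
    try:
        tag, body, _ = _read_tlv(packet, 0)
        if tag != 0x30:                        # outer SEQUENCE
            return None
        tag, ver, pos = _read_tlv(body, 0)
        if tag != 0x02:                        # INTEGER version
            return None
        version = {0: "v1", 1: "v2c", 3: "v3"}.get(int.from_bytes(ver, "big"), "unknown")
        if version == "v3":                    # v3 carries no cleartext community string
            return version, None
        tag, community, _ = _read_tlv(body, pos)
        if tag != 0x04:                        # OCTET STRING community, sent in the clear
            return None
        return version, community.decode("ascii", "replace")
    except IndexError:                         # truncated packet
        return None

def audit_capture(packets):
    """List (index, version, community) for every v1/v2c packet still using a default."""
    hits = []
    for i, pkt in enumerate(packets):
        hdr = parse_snmp_header(pkt)
        if hdr and hdr[1] in DEFAULT_COMMUNITIES:
            hits.append((i, hdr[0], hdr[1]))
    return hits

def build_v1_get(community, oid=b"\x2b\x06\x01\x02\x01\x01\x01\x00"):
    """Construct an SNMPv1 GetRequest for one OID (sysDescr.0); only fabricates test bytes."""
    varbind = b"\x30" + bytes([len(oid) + 4]) + b"\x06" + bytes([len(oid)]) + oid + b"\x05\x00"
    varbinds = b"\x30" + bytes([len(varbind)]) + varbind
    pdu_body = b"\x02\x01\x01\x02\x01\x00\x02\x01\x00" + varbinds   # request-id, error-status, error-index
    pdu = b"\xa0" + bytes([len(pdu_body)]) + pdu_body
    comm = community.encode()
    msg = b"\x02\x01\x00\x04" + bytes([len(comm)]) + comm + pdu      # version 0 = SNMPv1
    return b"\x30" + bytes([len(msg)]) + msg

# Constructed sample capture: two devices still on defaults, one renamed, one v3.
SAMPLE_CAPTURE = [build_v1_get("public"), build_v1_get("Xq7!plant-ro"),
                  build_v1_get("private"), b"\x30\x03\x02\x01\x03"]
```

Feeding real UDP/161 payloads (for example exported from a packet capture) into `audit_capture` lists which devices on the IT-provided inventory still need their community strings changed.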
4. Limit the TCP connections allowed.
- Modbus (502), BACnet (47808), and SNMP (161) are the standard ethernet protocols used by field devices
- Whenever possible, add an IP filter for allowed connections to these devices
- Change the known port number to an uncommon port number
5. Keep the firmware up-to-date.
- Most manufacturers realize times are changing and are updating firmware when they can
- New firmware is released to harden the device with new security measures
- Always consult the manufacturer on the process involved when updating, such as downtime, configuration changes, and effects on data being polled during the effort
6. Reduce the Number of threats on your network! (Plan B)
- If there is no ethernet cable, the device is not a prime target for bad actors
- For Modbus and BACnet hardware, stop using the ethernet side and use the serial port
- This is a great approach for new construction if the device's web interface is weak
- Every device taken off the network is one less concern for the IT Department
Where do you start to reduce OT cybersecurity risks on IT networks? Risk management with IoT devices may seem tricky, but it does not have to be.
In summary: do your devices reside on a shared network monitored by IT? If not, they will not show up as a threat in IT's scans. If yes, continue.
Next, get the list of devices from IT and see what changes you can make organically to reduce the issues.
Otherwise, if the device has too many issues, firmware and configuration changes will not correct the problem. It is time to cut the cord (the Ethernet cable): Plan B.
If you have questions about your application, we will talk to you; email and phone calls are free.
MOXA – Security Hardening Guide for the MGate MB3000
Microsoft – Understanding the Threat Landscape and Risks of OT Environments