With an ever-increasing focus on cloud computing, software companies have a responsibility to ensure customers are not only reminded of the tremendous potential of IoT technologies, but also the increased threat to their systems.
On September 20th 2016 worldofvnc.net, an independent developer, scanned the entire internet for VNC servers, and took a screenshot of those which could be accessed directly without a password. VNC (Virtual Network Computing) is a platform independent, graphical desktop sharing system used to remotely control another computer via a connected network, with popular uses including remote technical support or accessing work systems from a home office.
Shockingly, over 3500 systems were running VNC, open to the internet with no password. Some system integrators have effectively been leaving their clients’ systems completely accessible, and seriously compromised. In one example, a supporting System Integrator installed VNC remote control software on a drinking water control system so they could provide their Australian clients with support. If that wasn’t insecure enough, they installed this software without putting a password on, thus leaving the door wide open for anyone to simply connect up and dose more chlorine into Lake Burrendong’s water supply.
Clearly, this kind of breach is unacceptable. The security implications and consequences for industrial organisations in particular can be catastrophic, and pleading ignorance won’t make the pill easier to swallow. Cybersecurity should be, and mostly is, a top priority for manufacturers, utility companies and transport & distribution businesses. Attack technology is becoming as advanced and highly sophisticated as any other software technology. Firewalls and encryption alone are not sufficient for OT networks, and need to be augmented by robust security gateways. So the advice is this: don’t sit back and hope for the best; take action and make sure your systems are resilient and adequately protected against the risks brought about by today’s digital world.
As Premier Solutions Partner for GE Digital, Astec Solutions can help you test, certify, and secure your connected devices, applications, and processes. GE specialises in providing security systems developed around the needs of industrial customers, securing their SCADA systems, ICS and other environments. To make sure your cyber security strategy is where it needs to be, email firstname.lastname@example.org or contact us directly on +44 1543 888134.