Protecting Production - A Guest Blog from WGCIT Sponsor ZAG Technical Services
Posted on July 30, 2018 13:23 PM by WGCIT
By: Greg Gatzke, ZAG Technical Services
Trucks must ship....
The Agriculture Industry is facing many challenges ranging from labor to water to quality. It is widely accepted that technology will be the key to solving these significant issues. Technology systems will make our industry more efficient and successful. They will allow us to feed more with less. But the benefits also come with significant, potentially devastating risk.
Every company today is fast becoming dependent upon technology. Criminals know that companies can no longer function without technology; they can’t produce, store or ship without their systems. Criminals are making a killing holding companies’ computer systems hostage.
These attacks on businesses are occurring at a rate never seen before. They aren’t just targeting large scale enterprises like Target or Equifax; they are targeting businesses in the small, midmarket and enterprise range. ZAG has been engaged by organizations of all sizes to help recover from these attacks. Understanding how these attacks happen helps organizations avoid becoming a victim and prepare for the results of a successful attack.
Profile of an attack:
The profile of the attacks has been very consistent. The hackers first find a way to get in past security. This is normally done through an open Terminal Services (RDP) connection on the internet or when an employee clicks on a piece of malware that leads them to give up their login credentials.
Once the criminals have gotten in, they then get their rights elevated to administrator. Once the criminals have administrator rights, they have free rein to destroy the network. They begin this by destroying all backups they can get their hands on. Next, they dismount all databases (generally including your ERP system) and encrypt them. Finally, they encrypt every system that is turned on, including servers and PCs.
At this point the organization is left with a network that is unusable. The criminals generally demand between $25,000 and $50,000 to decrypt the data so the company can work again. ZAG has only been in one situation where the company had no choice but to pay the $25,000 ransom. In that case it took days to get the recovery keys delivered by the criminals to return the network to working order. That is days without production. The cost of this can easily pass $1m for a midsized company.
The ultimate question is whether a network can ever be trusted if you pay the criminals. They had complete reign over the network; who knows what data they took or what back doors they left behind?
Today every Ag company is a technology company:
Would you pay a criminal $25k to get production back up? Would you trust the system if you did?
In all other cases the criminals were not paid. Systems were able to be recovered in a relatively quick manner and production was able to be brought back online. This can take hours or even days to complete.
It should be noted that the criminals work to render every device unusable. This includes all laptops and desktops. Oftentimes recovering the encrypted PCs is one of the biggest hurdles as the effort to rebuild the systems is huge.
Protecting the corporate assets:
There are steps that can be taken to ensure basic security. These nine steps would have stopped all attacks that we have been engaged with to date:
Change Default Administrator Name
Enable Account Lockouts
Add Web Filtering Software
Patch Systems on a Timely Basis
Add Anti-virus Everywhere
Segment the Various Administrator Roles
Turn on Server and PC Firewalls
Implement Air Gap Backups
Implement SAN with Secure Snapshots
These are only some initial steps that should be taken to protect your network. A more detailed explanation of them can be found at zagtech.com/basic-security. They will add a good deal of security; however, there are more advanced steps that should be taken to add further protection.
Protecting the plant:
Of course, no matter how much we protect the Corporate Network, it is our duty to protect the manufacturing systems should the Corporate Network be compromised. Regardless of what happens, refrigeration must run and trucks must ship. Therefore, beyond the steps called out above, it is important that the automation networks be protected. They are what make the business, and nothing can be considered more important than these systems. Without them product spoils and revenue stops coming in.
The number one key to protecting these systems is hiding them from the criminals. This is normally done through Network Segmentation. The automation systems are not reachable from the Corporate Network. This means that even if the Corporate Network is compromised, the criminals cannot get to your manufacturing systems.
This segmentation is the ultimate defense against a criminal attack. Making the key systems invisible to attack is the ultimate defense.
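Both points made above, RDP left open to the internet as the usual way in and automation systems kept unreachable from the Corporate Network, can be checked against a firewall rule set. The Python below is an added example, not ZAG's own tooling; the address ranges, rule names and the first-match rule model are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
net = ipaddress.ip_network
# Assumed address plan, constructed for this example.
INTERNAL = net("10.0.0.0/8")       # everything inside the company
CORPORATE = net("10.10.0.0/16")    # office and ERP systems
AUTOMATION = net("10.50.0.0/24")   # plant floor and refrigeration controls
RDP_PORT = 3389
@dataclass
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: range   # destination TCP ports

# Constructed sample rules, evaluated top-down, first match wins.
RULES = [
    Rule("vendor-rdp", "allow", "0.0.0.0/0", "10.10.5.20/32", range(3389, 3390)),
    Rule("historian-pull", "allow", "10.10.8.0/24", "10.50.0.10/32", range(1433, 1434)),
    Rule("block-corp-to-plant", "deny", "10.10.0.0/16", "10.50.0.0/24", range(0, 65536)),
    Rule("corp-web", "allow", "10.10.0.0/16", "0.0.0.0/0", range(443, 444)),
]

def narrower(a, b):
    """Overlapping CIDR blocks nest, so their intersection is the longer prefix."""
    return a if a.prefixlen >= b.prefixlen else b

def denied_earlier(src, dst, ports, earlier):
    """True if a single earlier deny covers the whole slice; combined denies are not credited."""
    return any(e.action == "deny"
               and src.subnet_of(net(e.src)) and dst.subnet_of(net(e.dst))
               and e.ports.start <= ports.start and ports.stop <= e.ports.stop
               for e in earlier)

def audit(rules):
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        src, dst, earlier = net(r.src), net(r.dst), rules[:i]
        if (RDP_PORT in r.ports and not src.subnet_of(INTERNAL)
                and not denied_earlier(src, dst, range(RDP_PORT, RDP_PORT + 1), earlier)):
            findings.append((r.name, "RDP exposed to the internet"))
        if src.overlaps(CORPORATE) and dst.overlaps(AUTOMATION):
            s, d = narrower(src, CORPORATE), narrower(dst, AUTOMATION)
            if not denied_earlier(s, d, r.ports, earlier):
                findings.append((r.name, "corporate can reach automation"))
    return findings
```

In the sample rules the historian exception sits above the blanket deny, so it still opens a path from the Corporate Network into the plant; the web rule below the deny does not.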
Preparing for the worst:
But, as always, organizations must prepare for the worst-case scenario. Any organization can be taken down at any time. What would happen if your plant was hit? Responding will be a matter of prioritizing what to fix first. Would you focus on:
getting production back up so that you could finish your shift,
shipping product to your customers,
maintaining your cooling systems so product won’t spoil, or
Organizations must be ready for these types of events. They should talk through the potential problem and understand how to respond in a disaster. These attacks can happen at any time and often hit on weekends. Executives should be engaged to determine whether they will be willing to pay criminals a ransom. Would you pay the ransom if it was the cheapest way to recover?
Finally, can you run your business without technology? Has your team become so dependent upon computer interfaces that they have lost the knowledge to turn the screws by hand and operate critical systems like cooling? Maintaining the ability to run systems without automation can mean success in an attack.
The path forward:
The threat today is real. Criminals are successfully attacking American businesses. The good news is that you can take some basic security steps that will dramatically reduce the risk. More advanced steps can then be taken to better protect your network.
Every organization should work to shore up their defenses while preparing for a disaster that might hit. The future of your organization depends upon it.
At ZAG Technical Services, our talented team of professionals is driven to meet challenging IT needs, while reducing risk and improving productivity. Since 1998, with an office in Salinas as well as San Jose, we have worked with growers and packing companies in the food supply chain to ensure IT security and enable clients to succeed.