May highlights, industry news and happenings from Bedrock ... · critical infrastructure solutions...



May highlights, industry news and happenings from Bedrock Automation.

In response to the recent WannaCry attacks, I wanted to write you a Bedrock Security Brief on combatting industrial ransomware:

Ransomware cyberattacks like WannaCry are spread by spam emails exploiting vulnerabilities in the Windows operating system running on x86 processors. Bedrock™ does not run Windows and does not use x86 processors. It is therefore not possible for Windows malware, ransomware or any other type, to infect Bedrock™ system modules. In addition, with Bedrock™ Cybershield, the user, engineering tools and control applications are authenticated and digitally signed to the controller over a secure TLS tunnel, concluding with an encrypted, authenticated runtime image loaded to the controller, executed by a secure Real Time Operating System (RTOS). Creating or launching ransomware against these defenses is extremely unlikely. Bedrock™ systems are highly secured against future forms of ransomware attacks.

However, this is not the full story of user vulnerability. Systems are normally deployed in a network with HMI, historian and other devices and services. These devices and services typically do run with Windows or Linux and are potentially vulnerable. The level of risk in the complete system will depend on how carefully it is engineered and maintained, and on the level of awareness and training of the system operators. Best practice fundamentals such as segregating the control network from the business network and not allowing use of HMI and engineering workstations for email and web browsing will reduce this risk and threat enormously. Also, clean and current backups empower users to “shoot the hostage” and disable the workstation attack.

In a recent Forbes article, Ralph Langner, founder of the security consultancy, Langner, had a grim outlook for the future of ICS Ransomware: “For the competent attacker it would be possible to use the encryption vector specifically against industrial targets and force a production halt. We haven’t seen that on a large scale yet, but predict it’s coming, with ransom demands in the six and seven digits.”

While users navigate this issue, the challenge for control systems today (including the HMI servers, SCADA systems, and historians) is that they were developed before cyber insecurity was real. As a result, typical ICS defenses are “bolted-on” digital technologies analogous to encasing yourself in shields for protection from a physical attack. Bolted-on security for automation is proving insufficient in today's reality of persistent attacks. Deploying a Bedrock™ OSA™ platform today ensures a new level of intrinsically secure system hardware, firmware and engineering applications with extreme barriers to entry for ransomware attacks. Throughout 2017 Bedrock is extending this intrinsic defense down-network to sensor communications and edge devices (IIoT), and up-network to deploy secure OPC UA and DDS, as well as SCADA applications with user authentication and biometrics. Used in combination with network segregation and cyber hygiene, malicious ransomware attacks on automation systems can be thwarted.

Follow Bedrock as we deliver our OSA™ platform with advanced intrinsic security, enabling authentication from the sensors to the user. Watch for our June Security Brief on Securing Applications.

Respectfully,

Albert Rooyakkers
Founder, CEO
Bedrock Automation


The Bedrock™ IDE is a modern, open IEC61131 toolset to build control strategies of any kind. With embedded simulation, limitless tags and users, and intrinsic cyber security, this FREE toolset delivers unmatched value. Click here for your free, fully functional download.

The Bedrock Secure Controller (SCC) has achieved Achilles Level 2 certification. The Achilles® Test Platform helps manufacturers of mission critical infrastructure solutions ensure that their products are less vulnerable to cyberattacks.

Red Trident Incorporated to Deliver Bedrock Automation Solutions. ICS cyber security channel partner Red Trident joins the Bedrock Automation Systems Integration Network.


Bedrock™ Secure UPS Takes Gold in Plant Engineering’s 2016 Product of the Year Program in the Energy Management category for the 2016 Product of the Year competition.

The sign of any thriving ecosystem is growth! We are pleased that more and more of the leading High Tech Distributors and System Integrators from around the globe are embracing the Bedrock platform and are joining the Revolution. Our most recent additions include:

ACE Technologies, LLC (Indiana)
Autochim Systems (UAE)
ESM Australia (Australia)
Gulf Automation Systems (Kuwait)
Instrulogic, Corp (Virginia)
I S Systems PTY Ltd (Australia)
Neocurve (Sweden)
PCD Sales (Colorado/Texas)
Red Trident (Texas)
Rotalec (Canada/Minnesota)

Are you ready to join the Bedrock team? Please contact Paul Tornabene.

Bedrock heads to the Global Petroleum Show. We'll be in Calgary June 13-15 for the Global Petroleum Show where Chris Harlow, Product Manager and Technical Specialist, will discuss "Using Open Control Without Compromising Cyber Security" at the Digital Oilfield Knowledge Bar. Check here for the full speaking schedule.

275 Turnpike St #101 • Canton, MA 02021 • United States