Unitronics hack

  • Nick
  • Dec 12, 2023

A few days ago, a water utility that left a PLC and HMI on an internet connection with the default passwords was attacked. Little damage appears to have been done, but it may be an opportunity to learn something.


Let's talk about password hygiene. I can think of no reason that you would leave anything with the default passwords. If you work in a smaller firm without a dedicated IT department, get a password keeper, like McAfee TrueKey. If you have an IT department, ask them for some help!


Second, remote access... There are (relatively) secure methods to allow remote access. We can talk about VPNs (some reviews here) and the Purdue model, which shows the different layers of an IT/OT network. Some are better than others. If you are on the larger end, you probably have IT handle this. If you are smaller, you may end up using devices like the eWon or the StrideLink. Either way, you may leave a network connection on your system.


If you have a firewall, router, VPN box, etc., is the firmware kept up to date? Do you need to leave the connection on all the time? Obviously the answer is "yes" if you are using it for monitoring, but I would question whether you need to leave programming access on permanently.
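
One way to check how programming access is actually being used is to review your own firewall logs. The sketch below is an added example, not part of the original post. The log layout, addresses, VPN pool and maintenance window are constructed assumptions; port 20256 is the Unitronics PCOM default and should be replaced with your controller's programming port.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Assumptions (not from the post): log layout, addresses, windows, and port.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")   # hypothetical VPN client pool
PROGRAMMING_PORTS = {20256}  # Unitronics PCOM default; use your controller's port
MAINTENANCE_WINDOWS = [      # approved programming sessions (constructed)
    (datetime(2023, 12, 4, 8, 0), datetime(2023, 12, 4, 12, 0)),
]

# Constructed firewall log: time, source, destination, destination port, action.
SAMPLE_LOG = """\
time,src,dst,dport,action
2023-12-04T09:15:00,10.8.0.12,192.168.10.5,20256,allow
2023-12-04T23:40:00,10.8.0.12,192.168.10.5,20256,allow
2023-12-05T02:10:00,203.0.113.77,192.168.10.5,20256,allow
2023-12-05T02:11:00,203.0.113.77,192.168.10.5,20256,deny
2023-12-05T03:00:00,10.8.0.30,192.168.10.5,443,allow
"""

def in_window(ts):
    """True if the timestamp falls inside an approved maintenance window."""
    return any(start <= ts <= end for start, end in MAINTENANCE_WINDOWS)

def audit(log_text):
    """Return (time, src, reasons) for each allowed programming session that
    came from outside the VPN pool or outside an approved window."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "allow" or int(row["dport"]) not in PROGRAMMING_PORTS:
            continue  # denied traffic and monitoring ports are out of scope
        ts = datetime.fromisoformat(row["time"])
        reasons = []
        if ipaddress.ip_address(row["src"]) not in VPN_SUBNET:
            reasons.append("source not on VPN")
        if not in_window(ts):
            reasons.append("outside maintenance window")
        if reasons:
            findings.append((row["time"], row["src"], reasons))
    return findings

if __name__ == "__main__":
    for when, src, reasons in audit(SAMPLE_LOG):
        print(f"{when} {src}: {', '.join(reasons)}")
```

Any finding here means the programming path was reachable when nobody had scheduled work, which is the case for switching it off between sessions.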


Finally, do you check search engines for your gear every now and then? Shodan.IO will let you do a few searches free. Put in your company name and just see what you find...


There are real trade-offs to remote access. Automation is a real force multiplier, which can be used to help (or hurt) your firm. Make sure you consider risks accordingly!

©2022 by industrialcontrols. Proudly created with Wix.com