Is this the automated industry’s solution to the SolarWinds hack?
22 February 2021
While it may be true that few corporations could detect hidden malware in a manufacturer’s approved software patch, there are steps that all organizations can take to mitigate the risk of incoming attacks. That includes controlling who installs updates on their networks, and how and when this is done.
The fallout of the SolarWinds breach is still being felt by government agencies and corporations around the world. While the full impact of the malicious code that hackers planted in software updates is unlikely to be known for several months, victims are scrambling to dilute the damage.
Organizations not directly affected by the supply chain attack are no doubt thankful for a lucky escape. They either don’t use Orion software or, if they do, hadn’t got around to installing the update or didn’t have data that appealed to the hackers. Nevertheless, they will be giving serious consideration to how they can make their cybersecurity systems more robust.
The administrative headache of updating firmware in an OT environment
Companies in the automated industry should strongly consider adding LockBox to their arsenal of cybersecurity tools. The latest product to be released by Procentec, a global leader in diagnostic and monitoring solutions for the industrial automation market, is certainly making a timely appearance for those operating in an OT environment, where updating software can be a fairly haphazard affair.
Control of an industrial automated network, unlike a general IT system, is usually decentralized. Consequently, it’s not uncommon for software updates to be shared via email or USB stick or downloaded numerous times from the manufacturer’s website by individual technicians. While the latter is undoubtedly more secure than the former, it still creates an administrative mess for the lead engineer, who often has no idea what’s been downloaded, if indeed anything at all.
Creating a catalogue of approved firmware for authorized users
LockBox is Procentec’s answer to this familiar problem. It’s a platform that creates a catalogue of approved firmware, manual brochures, release notes and datasheets, which can then be shared with authorized users.
Since all catalogue additions are verified by the catalogue’s administrator (in most cases the lead engineer), field technicians can be confident they’ll be installing a secure and recent version, whether it’s a patch or a completely new software package.
The science behind LockBox is blockchain technology. A firmware update is supplied as binary data, which a hashing algorithm converts into hash values. These hash values help establish that a file, website or download is genuine. Blockchain technology tracks the hash values, checks the fingerprint of the file, verifies that its certificate is current and creates an audit trail.
Bridging the gap between a centralized and decentralized process
Although the administrator still has to go to the manufacturer to obtain the latest files, a semi-centralized procedure is now in place. Field technicians do the actual updates themselves, but the lead engineer can see which technician updated what file and when, and on what network, providing the best of both worlds.
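An added example (not LockBox's code and not from Procentec) of the two mechanisms described above: checking a firmware file's hash against an administrator-approved catalogue, and recording who installed what, when and on which network in a tamper-evident log. The `Catalogue` class, its field names and the sample bytes are assumptions; a plain hash chain stands in for the blockchain, and SHA-256 is chosen here because the article names no algorithm.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor value for the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Catalogue:
    """Hypothetical approved-firmware catalogue with a hash-chained audit log."""

    def __init__(self):
        self.approved = {}  # (file name, version) -> SHA-256 the administrator approved
        self.log = []       # every entry commits to the hash of the previous entry

    def _append(self, event: dict) -> None:
        prev = self.log[-1]["entry_hash"] if self.log else GENESIS
        body = dict(event, prev=prev)
        digest = sha256_hex(json.dumps(body, sort_keys=True).encode())
        self.log.append(dict(body, entry_hash=digest))

    def approve(self, admin: str, name: str, version: str, image: bytes) -> None:
        digest = sha256_hex(image)
        self.approved[(name, version)] = digest
        self._append({"action": "approve", "who": admin, "file": name,
                      "version": version, "sha256": digest})

    def verify_install(self, tech, network, when, name, version, image: bytes) -> bool:
        """Check a technician's copy against the catalogue and record the attempt."""
        digest = sha256_hex(image)
        ok = self.approved.get((name, version)) == digest  # unknown file -> False
        self._append({"action": "install", "who": tech, "network": network, "when": when,
                      "file": name, "version": version, "sha256": digest, "accepted": ok})
        return ok

    def chain_intact(self) -> bool:
        """Recompute each entry hash; an edited entry, or one cut from the middle, fails."""
        prev = GENESIS
        for entry in self.log:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            recomputed = sha256_hex(json.dumps(body, sort_keys=True).encode())
            if entry["prev"] != prev or recomputed != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

if __name__ == "__main__":
    cat = Catalogue()
    genuine = b"constructed firmware image v2.1"  # constructed sample bytes
    cat.approve("lead-engineer", "gateway.bin", "2.1", genuine)
    print(cat.verify_install("tech-a", "plant-1", "2021-02-22T09:00Z", "gateway.bin", "2.1", genuine))
    print(cat.verify_install("tech-b", "plant-2", "2021-02-22T10:00Z", "gateway.bin", "2.1", genuine + b"\x00"))
    print(cat.chain_intact())
```

A hash match only shows that the file is the one the administrator approved; as the article goes on to say of SolarWinds, it says nothing about whether the vendor's original was clean.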
It’s true that LockBox may not have prevented the highly sophisticated SolarWinds breach, but there’s no question it could help companies deal with the fallout. Stripping out all affected firmware and downloading new updates for complex and geographically dispersed networks would be markedly easier for all concerned, minimizing any impact on business operations. And that demands serious consideration.
Procentec, which is constantly searching for ways to make the lives of lead engineers and field technicians much easier, is officially launching LockBox on the 8th of April 2021 at its Virtual Product Event. Sign up and don't miss out on new security releases for your industrial network.
For more information and early access to this innovative and well-timed product, please contact Matthew Dulcey, Procentec’s Chief Technology Officer (CTO) at firstname.lastname@example.org.