Patti Perspective
November 2015
We hope you had a wonderful Thanksgiving.

Today we're sending you a very different kind of Cyber Monday email.  We hope you'll find value in this long after the wrapping paper is crumpled up and gone.

This fall, we were targeted in a cyber attack.  We're discussing how it happened, what we did, and how you can prevent it.

Jake Miles played a key part in managing our response to the cyber attack. He's in the spotlight this month.  He's also had an eventful fall outside the office.  Read on to find out what he's been up to.

That Time We Wound Up Interviewed by the FBI
  
If you're not thinking about cyber security, you should be.  We all know not to yell out our password to a crowd, and to strengthen our passwords beyond "password1".  But many of us tend to think of cyber security as more nuisance than necessity.

Let us tell you our story.

This fall, we were targeted in what we now know is called a "spear phishing" attack.  You've heard of phishing of course - the Nigerian prince asks for a few hundred dollars, or that bank that you've never done business with needs you to click here to verify your credentials.

Spear phishing is a much more sophisticated version.  These hackers put much more time and effort into this attack.  Here's how they almost got away with it.
  1. Targeting:  The hackers researched our company.  They knew we were big enough to have some money in the bank, but not big enough to have large bureaucratic systems and policies.  They targeted only the two employees who work with our finances day to day. This virus did not spread throughout the network. 
  2. Planning: The hackers did not take anything they could get their hands on.  They got our banking login and password and set up a wire transfer.
  3. Timing: One of the two targeted employees was on vacation.  More importantly, they set up the wire transfer for payday.  They hoped that we would verify the transfer out of habit, assuming it was just the paycheck withdrawals.
  4. Diversion: We first knew something was up when one employee found hundreds of spam emails in her account first thing in the morning.  The other employee was on vacation; when her flight landed, she found thousands of emails.  In that one day, those two employees received 14,000 emails - each.  The hackers hoped that the deluge of emails would distract us from any bank emails about the transfer.
Luckily, we have a diligent finance team, and a great bank.  The bank called to verify the transfer rather than simply using email verification.  Our finance team asked about the exact amount and the destination and immediately realized that something was amiss.  The bank stopped the transfer.
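
The diversion in step 4 works because a bank notice becomes one message among thousands. As an added example (not part of the original newsletter), this Python script flags mailboxes that are being flooded and pulls out any message from the bank's domain that arrived during the flood; the domain `bank.example`, the addresses, the thresholds and the sample inbox are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed values for illustration; tune to your own mail volume and bank.
PRIORITY_DOMAINS = {"bank.example"}  # hypothetical sender domain of your bank
BASELINE_PER_HOUR = 10               # assumed normal inbound mail per mailbox
FLOOD_FACTOR = 20                    # this many times baseline counts as a flood

def sender_domain(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def bucket(ts, rcpt):
    """Group mail per recipient and clock hour."""
    return rcpt, ts.replace(minute=0, second=0, microsecond=0)

def triage(messages):
    """messages: (timestamp, recipient, sender, subject) tuples.

    Returns (flooded, priority): the (recipient, hour) buckets that look like
    a mail bomb, and the priority-sender messages buried inside them.
    """
    messages = list(messages)
    volume = Counter(bucket(ts, rcpt) for ts, rcpt, _, _ in messages)
    flooded = {b for b, n in volume.items()
               if n >= FLOOD_FACTOR * BASELINE_PER_HOUR}
    priority = [m for m in messages
                if bucket(m[0], m[1]) in flooded
                and sender_domain(m[2]) in PRIORITY_DOMAINS]
    return flooded, priority

def constructed_sample():
    """Constructed inbox: 600 junk messages in one hour hiding one bank notice."""
    start = datetime(2015, 11, 2, 7, 0)
    msgs = [(start + timedelta(seconds=5 * i), "finance@corp.example",
             f"news{i}@list{i % 40}.example", "Welcome to our newsletter")
            for i in range(600)]
    msgs.insert(311, (start + timedelta(minutes=26), "finance@corp.example",
                      "alerts@bank.example", "Wire transfer pending verification"))
    # A quiet mailbox for contrast: three messages, no flood.
    msgs += [(start + timedelta(minutes=10 * i), "sales@corp.example",
              "customer@client.example", "Quote request") for i in range(3)]
    return msgs

if __name__ == "__main__":
    flooded, priority = triage(constructed_sample())
    for ts, rcpt, sender, subject in priority:
        print(f"CHECK {ts:%H:%M} {sender} -> {rcpt}: {subject}")
```

A sender address can be forged, so a match here is a reason to phone the bank on a known number, not proof that the message is genuine.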

Although the transfer was stopped, our IT team immediately responded to mitigate any other risks.  Here's what we did:
  1. Took all sensitive information offline.  This is, of course, standard protocol.  We did this from the moment our eyebrows raised at the spam inundation.
  2. Hired a cybersecurity consulting firm, immediately.  We are still working with them.  They confirmed that we were doing all the right things, but now we will be adding extra layers of security to our system.
  3. Two-factor authentication for bank log-ins.  There are three possible factors of authentication:
    1. Something you know - password, PIN, your mother's maiden name, etc.
    2. Something you have - a card, a key, etc.
    3. Something you are - your fingerprint, your retina, your hand geometry
The least secure systems involve only one factor - a username and password are both something you know.  Your debit card, for example, is two-factor - you have your card and you know your PIN.  Our bank set up two-factor authentication by adding a key chain with a rolling passcode.  So now, our finance team uses something they know and something they have.  Many banks offer this or are implementing it, so ask your bank.  Be aware that username/password and a security question is still just one-factor authentication.  Even though it's two steps, both only involve something you know - and something a hacker could potentially learn.

 

  4. Contacted the police, who put us in touch with the FBI.  Turned over all our information to the FBI.  They are analyzing the virus and our hardware to track down who the perpetrator is and exactly how they got in.  (That's how we found ourselves being interviewed by the men in suits. Yes, he was exactly as straight-laced as you imagine, but he was also incredibly knowledgeable and helpful.)

 

We are continuing to educate our team in cyber security on the plant floor.  A few of us recently attended the Siemens forum on cybersecurity on the plant floor.  Here's what we learned:
  • Intentional hacks of industrial facilities are becoming more prevalent.  You might have heard of the Stuxnet worm that entered Iran's nuclear facilities.  That worm targeted Siemens S7-300 PLCs.  Stuxnet changes the programmed logic, causing the equipment to malfunction.  It can destroy a production line, causing financial and physical harm.
  • Even if the system isn't connected to the internet, malware can enter the system when transferring files via thumb drive.  Most people are very lax about their cyber security at home, but then they use the same USB drive for pictures of their kids as they do to transfer work files.  Those viruses can enter a home computer and remain undetected until they enter a facility through a PLC.
  • Intel is developing cyber security hardware, software, and services in conjunction with Siemens specifically for industrial applications.  We are staying up to date as it rolls out.
Learn from Our Experience
A few tips to improve your own cyber security

For your business:
  • Ask for a 2-factor authentication system from your bank.
  • Hire a cyber security firm to do a full audit of your system.  We have been working with CBI, and we would recommend them.  You can contact them here: www.cbihome.com
  • Share tips with your employees, keeping them up to date on the latest scams and encouraging them to be very cautious about what they open.
  • Build in strong security settings to your network.
    • Require complex network passwords
    • Update infrastructure and firewalls vigilantly
    • Limit network admin privileges.  Too many unnecessary network permissions can allow malware to spread more easily throughout a network.
    • Use a centralized anti-virus system, which enables your IT person to review all possible threats rather than waiting for something to be reported by each individual user.
For the plant floor:
  • Implement a plant policy where only screened PCs can be brought into your facility. One of our customers has a network connection in the lobby, where a PC is screened before any visitor can take it on the floor.
  • Update your operating systems. We gasp at how many of our customers still have Windows 95 or even Windows NT operating systems on their manufacturing floors.
  • The "fortress" security model does not work! Adopt an "assumed breach" mindset and have more than one layer of security for your manufacturing floor.
  • Keep separate USB drives that are only to be used on the plant floor.
  • Remember that hackers usually are not looking to shut you down. What they are looking for is your proprietary manufacturing information. They will then sell this information to your competition! You may be hacked for years and never realize it.
  • Get at least two audits a year for your manufacturing systems. Feel free to call us to arrange an audit.
For yourself:
  • Install updates on your home system.  Those pop-ups are annoying for a reason.  Most of the updates are for security reasons, not just the new emojis.
  • Try to do your banking and bill paying on a separate computer that is only used for that purpose.
  • Use two factor authentication for banking.

Patti Personnel Spotlight - Jake Miles
 
Not only is our team incredibly grateful for Jake's efforts in investigating our cyber-attack, we are featuring Jake because he is a great asset to our team and we appreciate his conscientious work ethic.  Jake Miles was recently promoted to IT Manager.  He stays up to date on technical issues and is very attentive to keeping our office systems running smoothly.  He managed the investigation and follow-up during and after our cyber-attack impressively. 

"Jake is a very talented problem solver and his quick and thorough response to our recent cyber-attack really saved our company a potential disaster," says Sam Hoff, CEO.  

Prior to moving into a more internal role, one of the bigger projects that Jake worked on was a full assembly line with Comau for Chrysler Trenton.  Toward the end of the project, Jake had his first chance to dive into project management.  "I was happy to have the chance to branch out into a customer-facing role.  It was a good experience to participate in the conference calls and answer questions, instead of just working on the programming," Jake said. "It was a good balance."

This October, Jake got married!  It was a memorable day - in fact, there's a good chance you'll remember the day as well.  In the lobby of the reception hall, TVs were set up for guests to watch the Michigan-Michigan State football game.  Jake and Laura waded through the crowd for their entrance, and Michigan took the lead as everyone found their seats.   But as dinner was being served, the Frank Sinatra playlist was suddenly interrupted by the Michigan State fight song.   "It made for a great party," Jake said.  "A quarter of the crowd wanted to forget their sorrows, another quarter was ready to celebrate, and the other half fed off the energy."

Jake and Laura headed out to California for their honeymoon.  The "foodies" indulged at several renowned restaurants, including some Michelin-starred ones - the Academy Award winners of restaurants. They visited San Francisco and Napa Valley.  Jake's favorite place was Yountville in Napa.

"What I like about working at Patti Engineering is that there's always something new to learn.  I don't do the same thing every day.  Especially in my new role as IT Manager, the industry is always changing and it keeps me on my toes."

 
We work as partners with our clients. When you need an expert to help solve automation challenges, we are here to add value to your solution - enhance efficiency, increase productivity, and work with your team as a trusted resource. Visit our website for more information on our areas of expertise, or call us (248)364-3200 for a free initial consultation.

Thank you for your interest in Patti Engineering.

Best regards,

Georgia H. Whalen
Director of Marketing
Patti Engineering


Simple Steps to Connect a SIMATIC S7-200 to a SIMATIC S7-300/400 via Ethernet
While working on a machine that is controlled by a SIMATIC S7-200 controller, have you been surprised by the number of control functions that this tiny PLC can handle? You might be even more surprised to know that you can establish communication between this controller and other controllers on the production floor based on Ethernet technology.  Connecting these controllers via Ethernet facilitates a flexible and distributed automation structure.

