IT/OT Collaboration
News
Vendors

OTORIO, GE Digital release Windows hardening tool for HMI/SCADA systems

February 02, 2021
hardening tool for HMI/SCADA

Industrial cybersecurity company OTORIO announced Tuesday the release of a Windows hardening tool for HMI/SCADA systems based on GE Digital’s CIMPLICITY application. With the tool, users will be able to verify the security configuration of the Windows machines using different CIMPLICITY components.

The tool is made up of 16 security insights, based on dozens of Windows checks that are derived directly from GE’s security recommendations, to ensure that the installation of CIMPLICITY is done in a safe environment. OTORIO has embedded GE’s feedback and insights into the hardening tool to make sure that all security checks performed are in alignment with GE’s recommendations.

“We are also recommending users run an annual test to make sure that the system stays secure over time,” OTORIO said in a company blog post.

Cybersecurity experts are seldom present on the production floor. Therefore, “we designed the tool with the system integrators who install these systems and OT security personnel within the plants as its primary users,” OTORIO said. The hardening tool is as simple as a  “double click” of a PowerShell script, which makes it easy to run even for non-technical personnel, it added.

CIMPLICITY is a scalable automation platform providing visualization and control for industrial systems of various sizes and architectures. It is the key component that controls and monitors the operations in the manufacturing environment. The software application can run on a single server or in a variety of client/server architectures.

It also delivers quicker responses, reduced costs, and increased profitability, in addition to reducing time-to-value with rapid application development tools, including new OPC UA auto-discovery, enhanced mimic-building tools and libraries, and REST APIs for remote configuration. Using OPC UA Server support for modeled data, CIMPLICITY helps aggregate systems for a single connection to SCADA systems and deliver consolidated views.

OPC Unified Architecture (OPC UA) is a machine-to-machine communication protocol for industrial automation developed by the OPC Foundation.

OTORIO holds that the hardening tool provides an effective way to verify the control servers themselves. It is not proposing that the hardening tool addresses all possible misconfigurations, or that it checks all of the security flaws that may arise in CIMPLICITY environments, such as network segmentation. GE Digital’s model assigns responsibility and liability to the buyer or user and is committed to continued collaboration on security.

In December, OTORIO released its list of industrial cybersecurity predictions for this year in the backdrop of an increase in COVID-19 accelerated ransomware attacks targeting industrial companies. Hackers took advantage of the shift to opening the shop floor to remote connections, leading to a surge in industrial ransomware attacks from less than five successful attacks per month in the first quarter of this year, to over 20 successful attacks per month from May onwards.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations