Cybersecurity

12 April 2021

Industrial espionage via the infrastructure

It would not be a stretch to say that the Spectre and Meltdown issues caused quite a stir in the media back in May 2019. While this stir has led in part both to increased public awareness of such critical vulnerabilities in the security of integral components and to several improvements, the problems found to be inherent to ARM processors are still not really resolved for many devices. This has resulted in an odd state of affairs in which many decision-makers have been made aware of deficits in the security of the systems for which they are responsible, but no great changes to the security of these systems have come about.

Over the last few years, a particular trend has emerged within IT departments in which “classic IT” (servers, laptops and computers) and “OT” (operational technology) are merged beneath a unified controlling substructure. The fact that "OT" cannot always be relied upon to follow the same sorts of security requirements associated with “classic IT” is often overlooked or ignored, and the result is the formation of unnoticed or uncontrolled gateways into the IT infrastructure. As a consequence, hackers have more or less ceased their attempts to attack servers directly, instead opting to concentrate their efforts on exploiting intelligent devices within the IT infrastructure in order to attack the servers from a network that may incorrectly be assumed to be "secure". The hackers' primary focus has been found to lie increasingly upon the following devices:

  • Printers
  • Webcams, security cameras, internal microphones, etc.
  • Telecommunications systems, routers and switches
  • Emergency power systems, specifically through often-unsecured network cards, mostly via SNMP

Problems with IoT

According to estimates by the Statista Research Department, more than 30 billion IoT devices will have been actively networked worldwide in 2020. Many of these devices have been produced and put on the market on very tight budgets, leaving little room for software maintenance. Today, a network card for UPS devices in Asia costs less than 35 USD; of course, customers cannot expect a plethora of updates or individual security devices for this price - the ideal scenario for hackers looking to penetrate a network.

From its headquarters in Hamburg, Germany, GENEREX develops its own firmware with a permanent in-house staff of experienced developers and regularly releases hardware, firmware and software updates for its products. If a vulnerability issue becomes known, a customer can be sure that it will be closed as fast as possible. 

Securing an IoT operating scenario is challenging in and of itself, but aspects implicit to the now emerging 5G technology and IPv6 are increasing this challenge. Such new options will consequently intensify the pressure on IoT devices and OT systems, because all devices will eventually be accessible on the internet! While absurd to the point of comedy, a scenario in which an intelligent but hacked coffee machine sends spam emails to a refrigerator has in fact been a reality for some time now. A much less humorous scenario arises if a compromised security camera is used to spy on the password as it is keyed in for access to the remote systems of an emergency power supply. The matter is further complicated by the fact that the 5G network additionally allows individual devices to communicate directly via LAN, WLAN and an "anonymous 5G cloud" - hacked devices that go unnoticed may be reachable in real time, outside any administrative sovereignty, by unknown users through such high-speed connections.

It is thus logically foreseeable that in the near future numerous security and safety updates will become necessary. It is also to be expected that such updates will not be forthcoming for the “cheap” UPS network cards: the resources simply cannot be expected to have been invested, and what’s more, the correspondingly cheap hardware will not be able to meet the future requirements of security algorithms and safety features.

GENEREX has recognized this problem for some time now. In order to meet these future requirements, a revised hardware platform, the CS141 HW161, is targeted for release in Summer 2021. The CS141 HW161 will replace the current model.

The “Component Conundrum”:
Cheap direct imports vs. locally produced components

In 2021, political and industrial interests are finally beginning to realize the implications and ramifications that arise when network technology, from chips to smartphones and LAN adapters to 5G transmission systems, is developed and produced almost entirely outside of Europe or America. China, Taiwan and Korea are the real big players when it comes to the production of such critical products and components. Such imbalanced trust in global production chains, as a concession to debatably short-sighted expectations of inexpensive product options, will naturally increase this sharp dependence upon a relatively limited number of manufacturing territories.

The Coronavirus crisis of 2020 / 2021 and its subsequent effect upon global trade has impressively illustrated the degree to which this dependence has intensified.

Companies like GENEREX, by tradition and on principle relying upon local suppliers and on-site production wherever possible, have reported comparatively little disruption to service in the wake of this Covid-related temporary collapse of international supply chains. On the contrary: because its ability to deliver remained intact throughout 2020, GENEREX has engendered the trust of its customers as a reliable partner!

GENEREX makes no excuses for its price tags; in fact, it stands proudly behind them. Ours is a product which stands up to the increasingly stringent security standards of our modern age. Those “cheap” alternatives are attractive in the short term, when there is a budget by which to passively abide and little concern for the future. But what about 2 years from now? When the cheap solution offers no capacity for updates and no spare parts, and when the support is subpar and a cause of conflict and internal tension, then the cost will be balanced.