XONA advances remote access to operational technology without exposing critical infrastructure to threats

As XONA strives to advance remote access to operational technology without exposing critical infrastructure to more threats, the frictionless user access platform company has expanded its channel program.

It’s a double-edged sword: advancing remote access to operational technology without exposing critical infrastructure to more threats or vulnerabilities.

As a software vendor, Xona strives to help partners find a balance. To that end, the company, which has a frictionless user access platform built for critical infrastructure, has expanded its channel program globally.

“There’s been this need to kind of expand OT and enable remote operators. The pandemic has had a lot to do with that. There’s an aging workforce, the need to do more with less. So, there’s a lot that’s been driving this recently to expand remote access capabilities,” said Bill Moore, founder and CEO of Xona.

The Annapolis, Md.-based company currently reaches about 25 countries through its relationships with companies like GE and Baker Hughes. The company has now added international channel partners to better empower its partners, expand relationships and meet growing demand.

Those international channel partners include PAGO Networks in South Korea and Dicofra in Mexico.


XONA, Nozomi Expand MSP, MSSP Partnership Program for Critical Infrastructure and OT

A new partnership between XONA and Nozomi Networks is intended to help operators of critical infrastructure accelerate digital transformation with enhanced security and Zero Trust principles, the companies announced.

XONA is best known for its “frictionless user access platform purpose-built for critical infrastructure,” while Nozomi Networks is a specialist in operational technology (OT) and Internet of Things (IoT) security.

By integrating their technologies, XONA and Nozomi Networks offer organizations “advanced tools to remotely manage the security of operational technology and industrial control systems from anywhere, and on any device.”

Nozomi Networks solutions support more than 74 million devices in thousands of installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities and critical infrastructure, according to a prepared statement. With pre-integrated and tested solutions that reduce time to market and increase value, combining Nozomi Networks and XONA technology addresses the complex challenge of securing remote access in critical infrastructures.


XONA and Nozomi Networks Partner to Enhance Security for Critical Infrastructure

Leaders in OT and ICS Security Combine Zero Trust User Access with Comprehensive Network and Asset Visibility to Drive Cost and Business Efficiencies

XONA, the frictionless user access platform purpose-built for critical infrastructure, and Nozomi Networks, the leader in OT & IoT security, announced a partnership to help operators of critical infrastructure accelerate digital transformation with enhanced security and Zero Trust principles. By integrating their technologies, XONA and Nozomi Networks give organizations advanced tools to remotely manage the security of operational technology and industrial control systems from anywhere, and on any device.

Nozomi Networks solutions support more than 74 million devices in thousands of installations across energy, manufacturing, mining, transportation, utilities, building automation, smart cities and critical infrastructure. Its best-in-class hardware, software and cloud-based OT, ICS and IoT security and visibility products automate the complex work of inventorying, visualizing and monitoring industrial control networks through the innovative use of artificial intelligence.

With pre-integrated and tested solutions that reduce time to market and increase value, combining Nozomi Networks and XONA technology addresses the complex challenge of securing remote access in critical infrastructures. Comprehensive network visibility is automated, therefore enabling network administrators to balance priorities in a more efficient manner while ensuring the utmost protection with granular security.


Partnership aims to secure critical infrastructure

XONA, the frictionless user access platform purpose-built for critical infrastructure, and OT-IoT security vendor Nozomi Networks unveiled plans to help operators of critical infrastructure accelerate digital transformation with enhanced security and Zero Trust principles.

Integrating their technologies is said to give organizations advanced tools to remotely manage the security of operational technology and industrial control systems from anywhere and on any device.

“Critical infrastructure across the world is under increasing threat and must be modernized to realize the benefits of digital transformation. Like many other industries, there is a myriad of reasons forcing industrial facilities to adopt new technology – from the cost and business efficiencies they bring to meeting the needs of a highly-skilled workforce that are often stretched too thin,” said Bill Moore, founder and CEO at XONA.


XONA and Pago Networks Join Forces, Expanding MSP and MSSP Partner Program

XONA, known for its “frictionless user access platform purpose-built for critical infrastructure,” is expanding its MSP and MSSP partner program by adding its first internationally-based partner, South Korea’s Pago Networks.

As an MSSP and value-added reseller (VAR), Pago is integrating XONA’s solution into its DeepACT managed detection and response (MDR) service and selling the XONA solution separately to its customer base.

XONA, which is based in Annapolis, Maryland, says it is focused on helping partners like Pago accelerate sales and drive revenue. Toward that goal, XONA has added new features to its partner program:

  • Streamlined deal registration
  • On-demand training for channel partners
  • Enhanced channel marketing programs
  • A cloud-based demo platform to demonstrate XONA’s technology to potential customers

How To Interpret and Act on the Government’s ‘Shields Up’ Advisory

As tensions with Russia mounted in the early weeks of the war in Ukraine, the FBI and the Department of Homeland Security issued a strong advisory to Critical Infrastructure owners, urging them to adopt a “shields up” strategy, hardening their systems against possible Russia-sponsored cyberattacks against U.S. electricity, gas and other systems.

The “who” and the “what” were easy to grasp. But the “how” wasn’t so clear. The advisory didn’t include additional guidance to help industrial leaders better understand what goes into a “shields up” posture.

The announcement mentioned some basic security steps companies could take right away, such as enabling multifactor authentication, conducting regular antivirus and antimalware scans, and strengthening spam filters. A subsequent Shields Up page from the Cybersecurity & Infrastructure Security Agency (CISA) offered more detailed advice. But neither mentioned what should be at the core of a truly effective shields up strategy: zero trust.

Industrial leaders are familiar with the idea of zero trust, and many companies have started working toward adopting the strategy. But there are some unique challenges in implementing zero trust, which organizations can address by answering several questions. What are the key elements for zero trust in an industrial setting? How best can organizations go about implementing it? And how can they anticipate and deal with the complications that may arise?


Remote work demands industrial businesses secure critical infrastructure

Complex market forces and various sets of challenges have converged over the last decade, leading to the rapid adoption of new digital solutions in power plants. The growing use of renewables and the digitization of the grid have put competitive pressure on traditional gas-operated power plants to evolve to be more competitive.

The primary challenges driving this change include:

  • Multigenerational workforce – the shortage of experienced plant operators and managers is growing, driving a need for more flexible remote work options and training
  • Global shift to remote work – uncertainty and social-distancing protocols created by the COVID-19 epidemic hastened the urgency of a new remote operational model.

This second trend is, arguably, the most important.

Power generators are beginning to adopt technologies that enable remote or mobile control procedures to ensure business continuity and optimal staffing flexibility and efficiency. Due to growing uncertainties in plant operations, industrial organizations must build their security stack with the goal of controlling their critical infrastructure from a remote location. Plant managers and technicians need the ability to interface with the plant assets from anywhere, at any time.

Industrial businesses and enterprises must rethink their security stack. Rather than building defenses around the office, organizations must be able to:

  • Collaborate with remote staff and experts
  • Increase on-site mobile staff effectiveness and flexibility
  • Improve employee health and safety
  • Operate reliably with reduced staffing
  • Centrally monitor plant operations
  • Diagnose and troubleshoot alarms and issues
  • Instruct, guide and dispatch on-site personnel
  • Remotely operate, startup and/or shutdown control system assets

Most of today’s power plants are equipped with firewall products, which have become standard-issue appliances for securing a network. Today’s next-generation firewalls (NGFW) are more powerful and provide multiple functions such as sandboxing, application-level inspection and intrusion prevention. While NGFWs do a great job at these functions, they are not designed for accessing devices remotely, and there are inherent risks for those who have used them for remote access.

Firewalls can encrypt data streams over a virtual private network (VPN) and tunnel critical information through an untrusted network, such as the internet. However, with today’s technology and the high number of tools and information available to threat actors, it is possible to hack the data communication protocols at the endpoint device where these encrypted data streams are terminated and potentially conduct malicious activities to access critical power plant assets.

Additional areas businesses should consider for their remote security include:

  • Organizations must identify all their critical infrastructure. While this may sound intuitive, it’s crucial to account for system interdependencies. For instance, an IT billing system is vital if it is interdependent on operational technology.
  • Encrypted browser-based display (VDI) for remote or mobile operator HMI display to desktops, laptops and tablets.
  • Multifactor authentication (MFA) is a given. There are many MFA types, but industrial organizations should implement closed-loop, hardware-based token access without cloud access to meet both onsite mobile operator and remote access requirements.
  • Moderated secure file transfer provides either bidirectional or uni-directional file transfer capabilities for each system connection.
  • Application and system segmentation ensures systems and applications are logically segmented to limit cyberattacks’ blast radius.
  • Time-based access controls limit the time vendors, contractors and plant technicians interact with critical systems.
  • HMI access sessions by mobile operators and remote users need to be recorded for forensics and training purposes.

As the power industry adapts to the changes presented by a changing workforce and the convergence of IT and OT, remote user access will become even more essential.


Cyber Defense: Bill Moore of Xona Systems On The 5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack

In our uncertain and turbulent world, cyberattacks on private businesses are sadly a common tactic of hostile foreign regimes as well as criminal gangs. Cyberattacks and ransomware have crippled large multinational organizations and even governments. What does every company need to do to protect itself from a cyberattack?

In this series called “5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack” we are talking to cybersecurity experts and chief information security officers who can share insights from their experience, with all of us.

As a part of this series, I had the pleasure of interviewing Bill Moore.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in the suburbs of Washington D.C. — Alexandria, Virginia to be exact. My father worked for the Federal Government and was a longtime engineer at NASA, and my uncle also worked in the intelligence community. So, from a young age I was exposed to the ins and outs of the engineering field. I stayed local and then I went to college a couple hours away at James Madison University, where I majored in Economics.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

That’s a great question, not sure if I can distill it into one story. If I had to pick, I would say it’s because I got into IT in the mid 90s and I really enjoyed the whole idea of networking computers, I was a LAN administrator in IT and the internet was in its infancy at that time, but I started recognizing that there were a lot of cybersecurity issues like viruses. Computers weren’t nearly as locked down as they are today. I remember I was working a contract for the Navy when the Melissa Virus happened over 20 years ago and just seeing how impactful hacking was on our networks, it really piqued my interest to the point where I said “Okay, this is what I want to do, this is what I want to get into moving forward.” I then started looking for job opportunities that were more related to encryption and securing networks. I got a job at a wireless encryption company. I was so fascinated by the mobility, the internet, ability to do networking over wireless but also being able to go in and see how hacking wireless played out in its early stages before anyone really knew of the real impacts. I would even mess around to see how easy it was to hack certain things before it became more locked down just to understand it. I remember I was at an accounting firm, and they had a wide-open access point that anyone could have hacked. It wasn’t locked down at all, so I went in and mapped every computer and every server to a text file and sent it to their CISO and recommended they shut down the access point. When they saw what I had done, I’m sure their heart skipped a beat, but I just wanted to let them know — sort of a white hat thing to do.

Can you share the most interesting story that happened to you since you began this fascinating career?

When I worked at FireEye in the 2010s…


Russia’s Cyberwar Targets Western Critical Infrastructure


Cyberwar isn’t just coming to the West. It’s already here.

On May 10, the U.S. and European governments formally declared that Russia’s invasion of Ukraine began with a state-sponsored cyberattack on critical communications infrastructure—an attack that spilled over from Ukraine to satellite internet networks throughout Europe. It is a foretaste of disruptions on a global scale, officials have warned, with critical infrastructure like utilities, food production, and emergency services at risk.

In fact, there’s strong evidence that these kinds of attacks have already begun.

A number of wind-power companies fueling Germany’s rapid transition away from Russian energy have recently experienced cyberattacks that took some systems offline. Off the record, Western governments assigned blame to Russian military intelligence services for an alarming hack that disabled Viasat, a major satellite company based in California that Ukraine, wind-energy utilities, and many other European companies use for internet service.

Nation-state attacks on critical infrastructure predate the war, of course. The North American Electric Reliability Corporation (NERC) found a 170 percent increase in ransomware activity targeting power companies from 2019 to 2020. And on a recent episode of 60 Minutes, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), said that Russia is almost certainly planning to attack U.S. infrastructure directly, and that organizations—and all of us—need to brace ourselves for the inevitable….

“[Oldsmar] was an example of improper isolation of data communications and weak authentication from the water plant control room out to the internet,” says Bill Moore, CEO and founder of Xona Systems, which focuses on OT security. The Oldsmar facility did not employ multifactor authentication, compounding the problem. In an analysis, CISA said Windows TeamViewer software based on the widely used remote desktop protocol (RDP) was a critical weakness that allowed hackers to infiltrate the treatment plant. Moore notes that RDP is the top weakness that ransomware attacks exploit to this day.


Hackers target US industrial control systems

Four federal agencies have warned that hacking groups have developed tools to attack technology used in factories, utilities, and other industrial settings, potentially allowing hackers to shut down parts of the U.S. energy grid and water services.

The April 13 alert from the FBI, the Department of Energy, and other agencies warns of advanced persistent threats, typically large cybercriminal groups and government-supported hackers, targeting three broad groups of industrial control system and supervisory control and data acquisition devices.

The targeted technologies are used in a wide range of settings, including the U.S. energy sector, the oil and gas industry, water and wastewater services, and manufacturing, transportation, and government agencies, such as the Department of Defense, noted Bill Moore, CEO and founder of Xona, an industrial controls security vendor.

“Chances are your life has been touched somehow by these systems unless you … live way off the grid,” added Andy Rogers, senior assessor at Schellman, a global cybersecurity assessor. “These systems control everything imaginable and to some degree make our lives a little more comfortable or safer on a daily basis.”

Moore called these threats “extremely concerning,” particularly during the current geopolitical tensions sparked by Russia’s invasion of Ukraine.
