
FoxGuard Solutions CyberSecurity protecting our nation’s Military bases

FoxGuard Solutions, Inc. was awarded distinguished Department of Defense and Department of Energy’s  ESTCP Cybersecurity for Building Automation Systems

CHRISTIANSBURG, Va. December 7, 2017 – FoxGuard Solutions, Inc. was awarded a grant from the Department of Defense to develop a “Cybersecurity Platform for Energy Management and Control Systems”. The program is through the Secretary of Defense’s Office and is targeted at protecting military installations across the world from cyber-attack.
 
ABOUT ESTCP:  The Program’s goal is to identify and demonstrate the most promising innovative and cost-effective technologies and methods that address DoD’s high-priority cyber security requirements.  

DoD NEED:
The Department of Defense (DoD) is the largest single consumer of energy in the United States. It operates over 500,000 buildings and structures with diverse inventory encompassing barracks, commissaries, data centers, office buildings, laboratories, and aircraft maintenance depots. A majority of these bases are largely dependent on a commercial power grid that is vulnerable to disruption from cyber-attacks, aging infrastructure, weather-related events and direct attack. In an effort to reduce energy costs, increase security and improve energy resiliency, DoD has adopted a cyber security strategy for fixed installations.

FoxGuard Solutions was tasked with researching, developing, and demonstrating technology and techniques to identify and monitor BACnet field controllers for vulnerabilities, continuously monitor security controls, and identify patches for Building Automation Systems software, hardware and firmware, while also facilitating the deployment of those patches.

KEY ELEMENTS:
• Building Automation System Asset Discovery
• BACnet Vulnerability Scanning
• Patching Building Automation Systems
• Continuous Monitoring of Cyber Security Controls

The program is based around the Risk Management Framework (RMF) to help DoD control system owners continuously monitor Building Automation Systems for vulnerabilities. 

About FoxGuard Solutions, Inc.:
FoxGuard Solutions develops custom cyber security, compliance and industrial computing solutions. FoxGuard provides reliable, secure and configurable patch management reporting services, which include availability reporting and applicability analysis for information technology (IT) and operational technology (OT) assets used in critical infrastructure environments. 

 

 
Media Contact
Marcie Killen
Marketing Manager
p. 540.382.4234 x152

UAE RoHS is Effective 1/1/18 for IT Equipment

Despite the lack of clarity of information that the United Arab Emirates regulating authorities provided until recently, despite lobbying by industry associations for an extension, and despite the fact that nobody is actually going to have certified products by the first of the new year, UAE authorities are adamant about the “in force” date of January 1, 2018.  However, they have made the following concession:

Companies must register before the deadline in ESMA portal and submit applications for ECAS or EQM and, as a minimum, submit the company’s documented “Risk assessment” process as well as the signed “Declaration of Compliance” form.  Companies who register before January 1, 2018 and have submitted applications with the minimum documentation listed above will be able to continue to import their products come 2018.

Michael Kirschner, President of Design Chain Associates (1), writes in the DCA December 2017 Newsletter:  “There are multiple examples of regulators trying to regulate the electronics industry without really working with the industry to understand it first. China’s attempt to make everyone test every part in Chinese government labs in 2009 as they attempted to implement the restriction phase of ’China RoHS’ was a great example; this is another. Not that the electronics industry has a one-stop-shop for regulators to speak with that represents any significant chunk of this industry…rather than stepping away from environmental performance, the industry needs to own it to prevent this sort of failure that costs everyone time and money.”

Key points of the UAE RoHS regulation include:

  • Among the products in scope are PCs and peripherals, laptops, printers, “other products / equipment for collection, storage, processing, presentation or communication of information by electronic means”, and “other products or equipment of transmitting sound, images or other information by telecommunications”
  • The restricted substances are the same as EU RoHS; however, the application and certification process is much more rigorous
  • Applicant must have UAE trade license
  • There are two conformity assessment options:
      – Mandatory under ECAS, valid for one year only
      – Model H under EQM

 

Details of the regulation can be found on ESMA’s website, at http://www.esma.gov.ae/Documents/Restriction%20on%20Hazardous%20Substances.pdf

 

Regulatory Growth in 2017

Below are Compliance & Risks* quarterly regulatory growth charts as of October 2017, showing cumulative growth by subject and by region. * http://www.complianceandrisks.com/c2p/

   

Statistics provided by James Poe of Compliance & Risks indicate that in 2017 alone, over 2,000 new regulations were enforced or are pending, leaving manufacturers, distributors, and importers with well over 15,000 regulations to consider when assessing a product for global marketing.


Looking at statistics by region, the greatest number of new regulations for the subjects above were introduced in 2017 in the EMEA countries (Europe, Middle East, and Africa), including Central Asia. As a comparison, ten years ago, in 2007, only 457 new regulations were introduced for these same seven subjects, and manufacturers, distributors, and importers only had to consider a mere 3,860 total regulations when assessing products for global marketing. This reflects a growth of over 500%!

In 2007 the same region only introduced 269 new regulations, for a total of 2,185 in that year. The region with the greatest regulatory growth percentage from 2007 to 2017 is EMEA w/ Central Asia, with growth of over 725%. Second in line is US & Canada, with regulatory growth of over 600%.

FoxGuard tracks pending new legislation, as well as upcoming changes to existing legislation, and works closely with our supplier network to ensure continued compliance of systems and components.

Keeping Infrastructure Strong and Secure

November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to keep our Nation’s critical infrastructure secure and resilient. FoxGuard Solutions has committed to building awareness of the importance of critical infrastructure.

Industrial control systems in critical infrastructure are high-risk targets for attack and exploitation. FoxGuard combines its engineering and software services talent to develop unique cyber security solutions that protect industrial control systems (ICS)  in critical infrastructure markets bridging the gap between information technology (IT) and operational technology (OT) environments.  FoxGuard’s Patch & Update Management Services include asset analysis and monthly patch reporting.  Consistently monitored patches & updates can help resolve security vulnerabilities, functional issues and meet regulatory compliance requirements (NERC CIP).

During November, we focus on engaging and educating public and private sector partners to raise awareness about the systems and resources that support our daily lives, underpin our society, and sustain our way of life. Safeguarding both the physical and cyber aspects of critical infrastructure is a national priority that requires public-private partnerships at all levels of government and industry.

We know critical infrastructure as the power we use in our homes and businesses, the water we drink, the transportation systems that get us from place to place, the first responders and hospitals in our communities, the farms that grow and raise our food, the stores we shop in, and the Internet and communication systems we rely on to stay in touch with friends and family. The security and resilience of this critical infrastructure is vital not only to public confidence, but also to the Nation’s safety, prosperity, and well-being.

Managing risks to critical infrastructure involves preparing for all hazards, reinforcing the resilience of our assets and networks, and staying ever-vigilant and informed.

This November, help promote Critical Infrastructure Security and Resilience Month by training your employees on cyber awareness, taking part in the Hometown Security effort, engaging with your community partners or supporting long term investments in critical infrastructure. We all need to play a role in keeping infrastructure strong, secure, and resilient. We can do our part at home, at work, and in our community by being vigilant, incorporating basic safety practices and cybersecurity behaviors into our daily routines, and making sure that if we see something, we say something by reporting suspicious activities to local law enforcement.

For more information, visit www.dhs.gov/cisr-month

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

TALK TO AN EXPERT

FoxGuard partners with BISIM in new simulation facility

FoxGuard Solutions is proud to be a part of Bohemia Interactive Simulations’ (BISim) opening of a new, state-of-the-art simulation technology demonstration facility for its customers and partners. The facility will bring together the latest technology in the simulation industry from a group of leading simulation software and hardware providers. Take the opportunity to preview innovative simulation technologies that will be unveiled at I/ITSEC 2017.

The BISim Tech Dev and Demo facility, located at BISim’s Orlando headquarters, includes the following technologies:

  • High-end and high-performance computer hardware supplied by FoxGuard Solutions.
  • VBS Blue IG, BISim’s new 3D whole-earth rendering technology for Image Generation applications, and VBS3, BISim’s virtual learning environment and flagship of the U.S. Army’s Games for Training program.
  • Emerging Virtual and Augmented Reality solutions created using the VBS platform including an F-18 Trainer developed for the US Navy and an AC-130 check-list trainer developed in partnership with Vertex Solutions Group and SA Simulations for Air Force Special Operations Command.
  • A 4-meter dome from QuantaDyn Corp. The system incorporates powerful high-fidelity 4K projectors and an AudioCue directional sound system from Barco and uses VBS Blue IG for visuals, Battlespace Simulation’s MACE software as the simulation host, and QuantaDyn’s DIScover software for interoperability.
  • A D-BOX Motion Cueing System and an Ausimtech Motion Platform combined for flight simulation applications including an F/A-18 Hornet and attack helicopter simulation.
  • Demonstrations of TerraSim database creation technology for BISim’s whole-earth technology, VBS Blue.

Demonstrations will be offered hourly and attendees will have time to test out the technologies themselves or ask questions.

Event Information:

The event will be held at BISim’s Orlando Headquarters Nov. 1st through Nov. 3rd from 9 a.m. to 5 p.m. with demonstrations on the hour and opportunities to experience the latest in cutting-edge VBS technology for yourself.

If you are interested in attending please email Lucas Sumners, lsumners@foxguardsolutions.com or call him at 540-382-4234 Ext. 184.

WANT TO LEARN MORE ABOUT FOXGUARD’S SIMULATION CAPABILITIES?

FoxGuard has 35+ years’ experience configuring computer solutions, integrating racks, developing images, securing licenses, and ensuring hardware, software and OS compatibility to free up your resources to pursue growth. We can configure and ship a turnkey solution to your designated solution.


 

 

Has your WI-FI been KRACKed?

WHAT IS KRACK
Key Re-Installation Attack (KRACK) is the newest attack on Wi-Fi, and one of the most serious to date. This attack allows malicious actors to infiltrate a wireless network and decrypt packets sent across that network. These vulnerabilities exist in the Wi-Fi Protected Access II (WPA2) security protocol itself, not in any individual implementation of it. Therefore, any WPA2 implementation is likely affected. This hits hard because WPA2 is one of the most commonly used wireless security protocols, and is the most secure of the commonly used protocols.
Similar to previous WPA2 attacks, KRACK’s primary target is the WPA2 four-way handshake, which the protocol uses to authenticate the client with the wireless access point without actually disclosing the key. During the packet exchange of the four-way handshake, an attacker can use KRACK to trick a victim machine into re-installing a key that is already in use by replaying the handshake packets. These keys should only be used once, which promotes security, but this exploit has found that the WPA2 protocol is not immune from forced key reuse.
Once key reuse has been forced, an attacker can decrypt any network traffic encrypted by WPA2, which allows attackers, in combination with other tools such as sslstrip, to steal sensitive information such as usernames and passwords by performing a man-in-the-middle attack. The attack also allows them not only to view unencrypted HTTP sites but even to inject malicious code into them, opening the victim up to another range of attacks.
Android and Linux devices are especially vulnerable due to their implementation of the Wi-Fi standard, which suggests that the encryption key should be cleared from memory after it has been installed for the first time. This essentially forces these devices to install an all-zero encryption key, rather than reusing the previous key, making it even easier for an attacker to decrypt traffic and inject malicious data. This extra vulnerability affects roughly half of the 2 billion Android devices currently in use, which goes to show the enormous scale this exploit could have. Additionally, when updates do start rolling out for this vulnerability, both the wireless access point and the wireless client need to be patched to protect against the exploit. One patched without the other still leaves equipment open to the KRACK exploit.
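
A simplified model of the key re-installation behaviour described above, added here as an illustration (it is not code from FoxGuard or from the KRACK researchers). The HMAC-based keystream stands in for WPA2's real cipher, and the `Client` class, its `patched` and `clears_key` flags, the session key and the sample frames are all constructed assumptions.

```python
import hashlib
import hmac

SESSION_KEY = bytes(range(1, 17))                             # constructed 16-byte key
PLAINTEXTS = [b"GET /login HTTP/1.1", b"user=alice&pw=demo"]  # constructed frames


def keystream(key, packet_number, length):
    """Toy keystream that depends only on (key, packet number)."""
    out, block = b"", 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Wireless client at the point where message 3 of the handshake arrives."""

    def __init__(self, session_key, patched, clears_key=False):
        self.session_key = session_key    # key negotiated by the handshake
        self.patched = patched
        self.clears_key = clears_key      # models the Android/Linux behaviour
        self.installed_key = None
        self.packet_number = 0

    def on_handshake_message_3(self):
        """Runs for the genuine message 3 and for every replayed copy."""
        if self.patched and self.installed_key is not None:
            return                        # key already in use: ignore the replay
        self.installed_key = self.session_key
        self.packet_number = 0            # (re)installing resets the counter
        if self.clears_key:
            self.session_key = bytes(len(self.session_key))  # wiped after install

    def send(self, plaintext):
        self.packet_number += 1
        stream = keystream(self.installed_key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, stream)


def run_session(patched, clears_key=False):
    """One frame, a replayed message 3, then a second frame."""
    client = Client(SESSION_KEY, patched, clears_key)
    client.on_handshake_message_3()       # genuine message 3
    frames = [client.send(PLAINTEXTS[0])]
    client.on_handshake_message_3()       # replayed message 3
    frames.append(client.send(PLAINTEXTS[1]))
    return frames, client.installed_key


def reused_packet_numbers(frames):
    """Packet numbers that appear on more than one frame of a session."""
    seen, reused = set(), []
    for number, _ in frames:
        if number in seen and number not in reused:
            reused.append(number)
        seen.add(number)
    return reused


if __name__ == "__main__":
    for patched in (False, True):
        frames, _ = run_session(patched)
        leak = xor(frames[0][1], frames[1][1]) == xor(*PLAINTEXTS)
        print(f"patched={patched} reused={reused_packet_numbers(frames)} "
              f"ciphertext XOR equals plaintext XOR: {leak}")
    print("key after replay on key-clearing client:",
          run_session(False, clears_key=True)[1].hex())
```

In the unpatched run both frames carry packet number 1, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts. The patched client ignores the replay, so its counter keeps increasing and the key it installed is never replaced.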

WHAT YOU CAN DO
There are several steps FoxGuard recommends users and IT professionals take to help mitigate the vulnerability. Firstly, a Virtual Private Network (VPN) should be used whenever possible. This encrypts all traffic between the access point and the wireless client, connects you back to either a server at work or a public server, and provides a reasonable layer of security. Because this exploit does not actually allow the attacker to gain network access, but rather to decrypt the wireless traffic, any traffic communicating via hardwired Ethernet cable would not be affected; therefore, wired connections should be used where feasible. Users should also be on the lookout to make sure their login sites are using HTTPS. This exploit coupled with a tool such as sslstrip could allow an attacker to force use of non-secure websites, which allows them to easily capture passwords and other sensitive data. A properly configured web server should prevent this from happening, but users should always check to make sure they are using a secure HTTPS site before logging in. Lastly, as with any vulnerability, FoxGuard recommends remaining vigilant about released patches and updates that address the issue.

AVAILABLE PATCHES
Some vendors, such as Microsoft, have already released patches for the exploit. A list of vendors and their known responses to the exploit can be found here:
https://github.com/kristate/krackinfo#vendor-response-complete

MORE INFORMATION
Additional information on the attack can be found using the links below:
https://www.krackattacks.com/
https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
https://www.us-cert.gov/ncas/current-activity/2017/10/16/CERTCC-Reports-WPA2-Vulnerabilities

 


Patching Lessons Learned – Part 4

“Private” Patches 

So far, we’ve learned that there is a difference in patching IT vs. OT equipment and that all patches are not created equal. Our next lesson learned is that not all patches are readily available on the Internet. In many cases, product vendors will require a support contract in order to receive ongoing support and access to patches. As such, the utilities are required to know which vendors require this level of support in order to track and retrieve patches on an ongoing basis. For some vendors, this information may be provided on a customer-specific portal, through a newsletter or email or perhaps even a direct phone call. A variety of contact methods may be required for ongoing patch due diligence to confirm whether or not a patch was released during a designated time period.

 

Check back for more in our series on lessons learned that should be considered when building a healthy patch management program or click here to download the Ten Lessons Learned About Patch Management Whitepaper.

 


Patching Lessons Learned – Part 3

All Patches are not Created Equal 

In our last post we learned that there is a difference between IT and OT environments. To ensure that you are installing the proper patches in the proper fashion, you must also understand that all patches are not created equal. It is critical to know the four different types of patches and track which of the four types apply to each of your devices:

a. Primary – This is a patch that has dependent patches.
b. Dependent – A primary patch exists that must be installed prior to installing the subsequent dependent patch.
c. Standalone – These patches can be installed independently and have no other stipulations.
d. Cumulative – These patches are also sometimes referred to as “roll-up”. This means that the latest release of a patch includes the features and bug fixes from all previous releases.
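
One way to turn the four patch types above into an install plan, added here as an example (it is not FoxGuard's tooling). The `Patch` fields, the patch ids and the inventory are constructed assumptions: dependents pull in their primary first, and only the newest release of a cumulative series is scheduled.

```python
from typing import NamedTuple


class Patch(NamedTuple):
    patch_id: str
    kind: str           # "primary", "dependent", "standalone" or "cumulative"
    requires: str = ""  # dependent only: id of its primary patch
    family: str = ""    # cumulative only: name of the roll-up series
    release: int = 0    # cumulative only: position within the series


def plan_install(available, installed):
    """Return (ordered ids to install, {skipped id: reason}) for one device."""
    by_id = {p.patch_id: p for p in available}

    # For each roll-up series, only the newest release needs installing.
    newest = {}
    for p in available:
        if p.kind == "cumulative":
            best = newest.get(p.family)
            if best is None or p.release > best.release:
                newest[p.family] = p

    order, skipped = [], {}

    def schedule(patch):
        if patch.patch_id not in installed and patch.patch_id not in order:
            order.append(patch.patch_id)

    for p in available:
        if p.patch_id in installed:
            skipped[p.patch_id] = "already installed"
        elif p.kind == "cumulative":
            latest = newest[p.family]
            if latest.patch_id == p.patch_id:
                schedule(p)
            else:
                skipped[p.patch_id] = f"superseded by {latest.patch_id}"
        elif p.kind == "dependent":
            if p.requires in installed:
                schedule(p)
            elif p.requires in by_id:
                schedule(by_id[p.requires])   # primary goes in first
                schedule(p)
            else:
                skipped[p.patch_id] = f"primary {p.requires} not available"
        else:                                 # primary or standalone
            schedule(p)
    return order, skipped


# Constructed inventory for a single device.
AVAILABLE = [
    Patch("FW-101", "dependent", requires="FW-100"),
    Patch("APP-7", "standalone"),
    Patch("OS-RU1", "cumulative", family="os-rollup", release=1),
    Patch("OS-RU3", "cumulative", family="os-rollup", release=3),
    Patch("OS-RU2", "cumulative", family="os-rollup", release=2),
    Patch("FW-100", "primary"),
    Patch("DRV-5", "dependent", requires="DRV-4"),
]
INSTALLED = {"OS-RU1"}

if __name__ == "__main__":
    order, skipped = plan_install(AVAILABLE, INSTALLED)
    print("install order:", order)
    for patch_id, reason in skipped.items():
        print(f"skip {patch_id}: {reason}")
```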

 

 

Check back for more in our series on lessons learned that should be considered when building a healthy patch management program or click here to download the Ten Lessons Learned About Patch Management Whitepaper.

 


Patching Lessons Learned – Part 2

 Information Technology (IT) vs. Operational Technology (OT)

Our last post focused on the definition of a “patch” and why “patching” is important. Today, we are sharing some of our lessons learned with regard to building a healthy patch management program. For starters, all systems are not the same and should not be treated as such.

There IS a difference when it comes to patching in the Information Technology (IT) vs. Operational Technology (OT) environments.  With a common office desktop, if you have an issue with your computer, it may simply be rebooted after patch installation and, in many cases that will resolve the issue. However, with OT equipment, timing and validation are critical to patch installation on a critical asset. Additionally, many of these devices cannot be rebooted or turned off at will, as there could be grave consequences to doing so cavalierly. 

 

 

Check back for more in our series on lessons learned that should be considered when building a healthy patch management program or click here to download the Ten Lessons Learned About Patch Management Whitepaper.

 


What’s a “Patch” and Why is It Important?

This is the first post in a series that we’ll be sharing with regard to Patch Management “lessons learned”.

FoxGuard Solutions has been in business since 1981 and has been serving the energy industry for over 25 years. We have also been providing patch management solutions for industrial control systems via original equipment vendors (OEMs), as well as directly to energy utilities for many years. We have a long history of doing this work which provides us with a unique perspective, as well as gives us extensive knowledge of the patching burden. As such, we want to share our insight and some “lessons learned” along the way.

It is important to level set on what a “patch” really is. According to Wikipedia (https://en.wikipedia.org/wiki/Patch_(computing)), a patch can be defined as follows: A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bugfixes or bug fixes.

In the instance of industrial control systems, patches are applied to firmware, operating systems and software applications installed as part of the control system suite. It is important to understand the scope and depth of equipment which is susceptible to needing a software patch applied.

Scope is defined in NERC CIP based on the User’s ability to apply an update and may include: 

    –    Devices (network, field, and other single-purpose devices that run firmware)
    –    Appliances (usually an embedded or full OS with a controlled set of installed applications and services)
    –    Workstations
    –    Servers

Each of these items may have their own unique way of managing, validating, installing and monitoring for patches, making it difficult to manage a healthy and comprehensive patch management program. When patching is so involved and difficult, it is worthwhile to talk through WHY it is so important. It may be obvious, but energy utilities are high-risk targets. Attacks such as Stuxnet and the one in Ukraine show that the “bad guys” (funded Nation States, not just casual hackers) have their eyes on this industry. In addition, patches are crucial to protect against vulnerabilities.

According to Kaspersky Labs Industrial Control Systems Vulnerabilities Statistics, there were: 

    –    4,189 known vulnerabilities in ICS in 2015
    –    426 had exploits available
    –    4,170 had patches available

If protecting critical assets from vulnerabilities is not motivation enough, regulatory standards, such as NERC CIP-007-6, R2.1, 2.2, 2.3 and 2.4, have clear requirements surrounding patch management with large fines threatened as consequence for failure to comply. Now that we understand what needs to be patched and why, check back for more in our series on lessons learned that should be considered when building a healthy patch management program or click here to download the Ten Lessons Learned About Patch Management Whitepaper.

 
