talk to Us

3 Ways to Reduce Cybersecurity Threats – Facility Subnets in EPMS

In today's digital landscape, cybersecurity threats are more prevalent than ever, and understanding how to mitigate them is crucial for every organization. Discover three essential strategies to enhance your facility's security: fostering communication between operations and IT, conducting regular security audits, and thoroughly reviewing new devices and software before deployment. By bridging the gap between these two critical areas, you can protect your network from vulnerabilities and ensure a safer environment. Don't wait until it's too late—learn how to safeguard your systems and avoid becoming a target for cybercriminals. Read on to empower your facility with knowledge and solutions!

Cybersecurity Threats | Facility Subnet Equipment

Many people are surprised to hear that APT is in the CyberSecurity business. It certainly wasn’t our plan. But, after helping dozens of customers upgrade their servers, operating systems, databases, switches, gateways, and metering devices. We realized the common issues facing cybersecurity threats were obsolete products, firmware, and software.

Recently, APT upgraded firmware in hundreds of brand new PM 8000 meters recently sold( due to a manufacturer-issued CyberSecurity vulnerability notice). This alerted the customers and APT to the problem but, unfortunately, did not provide a solution. APT worked with our customers to prioritize a list of their affected equipment. We train their people to upgrade firmware properly and, in many cases, perform the firmware upgrades on the customer’s behalf.

This problem isn’t going away – in fact, it is bigger than ever.

3 Ways to Reduce Cybersecurity Threats

1. Communications Between Operations and IT 

The first and most vital tool to harden control networks is communication (not simple communication but full-fledged teamwork). Everyone has a vested interest in doing a good job and keeping their environment safe. The problem resides in people from two different worlds trying to bridge the gap between them. 

Building control engineers and technicians understand the devices and applications that allow them to control a system or building. They focus on maintaining that system or building, avoiding out-of-spec or downtime conditions.

a woman is sitting at a desk with two computer monitors and a laptop .

Corporate Information Technology (IT) professionals focus on the corporate assets (servers/switches/wireless access points/laptops) deployed and maintained for the corporation to run their business. Moreover, rarely do they have the bandwidth to inventory and verify

equipment connected to the facility’s corporate network. Instead, they trust that the operations team will handle that responsibility.

This gap between operations and IT is where APT can help.

The facility’s specialty systems rely on a cooperate network for communication and data collection. As well as, security access card readers, closed-circuit television cameras, fire and life safety alarm systems, HVAC instruments, and power monitoring devices. Our experience with these devices and systems can help you get a leg up on finding the vulnerabilities and prioritizing what problems to solve first.

Don’t become a vulnerable access point for bad actors. These groups need to collaborate to close the gap between them in order to ensure secure system and device installations. Nobody wants to be in the news for that reason.

2. Regular Security Audits by Operations

Regular security audits are the second most important tool in your toolbox to protect your network and are often the least expensive to implement. Yet most operations teams believe audits to be the corporate IT department’s responsibility. Nothing could be farther from the truth – if you installed it and operate it on the network – YOU OWN IT.

a group of people are sitting at a table with laptops and papers .

Meanwhile, operations teams, just like the corporate IT department, often don’t have the personnel or expertise to even begin auditing their systems.

An audit’s effectiveness depends on detailed preparation. Performing a careful review of the current threat environment is crucial in identifying the latest vulnerabilities. Additionally, a mechanism for detecting these vulnerabilities must be devised.

Subsequently, these checks then integrate with existing assessments to complete an audit plan. When these audits reveal issues, taking swift remedial action is necessary to ensure they will not reoccur.

3. Review New Devices and Software 

The third tool for protecting your network is a thorough review of all new devices and software to be allowed in your environment BEFORE deployment. This process includes a formal review and approval to introduce new devices or software. For instance, this ensures you aren’t inviting a trojan horse in. Typically this is required by corporate IT departments but often bypassed for the operations equipment and software. 

a laptop computer is open to a graph on the screen .

Modern smart devices are more capable, often running a real operating system such as Linux. In essence, desktops now are a fully capable computing resource (leaving them just as vulnerable). Moreover, these devices are a valuable part of your control network and should be assessed for potential cybersecurity threats.

Furthermore, this can be as simple as adding a section to your specifications for capital projects, requiring vendor submittal documentation for new software, firmware, and hardware connecting to your network. APT’s 25 years of experience closing the gap between operations and IT can help you get it right the first time.

APT 4 Cybersecurity Solutions

APT is uniquely positioned to help companies bridge the gap between the corporate IT department’s responsibility and the operations team’s equipment. Implementing the first three steps will get you off to a great start.

a man in a hard hat is working on a control panel .

Don’t stop there. Contact APT to start closing the gap today. Let us make your network a safer and more secure environment. Don’t end up in the news for the wrong reasons.

Rick Deming, Systems Engineer APT

Share the Post:

Related Posts

Sub-Synchronous Oscillation: A Starter Guide for the AI Data Center Era

Sub-synchronous oscillation (SSO) is quickly becoming one of the most important and least understood power risks for AI-era data centers. This starter article steps into the theory behind SSO and why it matters, with the goal of giving you enough grounding to recognize the issue and ask better questions. Over the next few weeks, we will keep returning to this topic and dig deeper into the engineering side, from real data center examples to how monitoring, analytics, and design choices can keep these oscillations from turning into outages.

Read More

NFPA 70B: Why Your Annual IR Scan is Already Obsolete

The 2023 NFPA 70B update, now makes mandatory annual infrared (IR) thermography inspections, impacting OSHA compliance, insurance liability, and a number of other compliance factors. Learn how alternatives exist to manual scanning – enable continuous monitoring systems to replace costly on-site scans, turning your compliance strategy into a proactive reliability asset. Don’t let outdated practices hinder your facility; stay ahead of potential failures and enhance operational efficiency.

Read More

I’m here to help! Make the first step to improve your life by reaching out today.

This site uses Cookies for the best experience.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device.

Learn More
Continue