The AV system done it


What insecure technology is lurking on your networks?

Operational Technology. It turns lights on and off, heats and cools our buildings, and controls our conference rooms. It sits there innocuously ticking away year on year, rarely given more than a passing thought at best.

When was the last time you took a close look at the operational technology connected to your network?

What risks does your OT carry that your environment may be exposed to?

For the purpose of this article, I’m only going to consider OT in mixed use environments with SCADA systems, plant and production systems, and pure OT environments having different challenges and control requirements.

Historically, and in many modern organisations, IT and OT fall under differing management regimes that often have little interaction with one another. AV may be managed by a subset of IT, but is often ignored when setting security policies. As these systems increasingly connect to a common network, this can result in both systems exposing the other to risk.

Whilst awareness is increasing, too many people regard OT as dumb devices that don’t pose a security risk. It is critical to bear in mind that at some level, all of the connected OT equipment is a computer and must be treated as such.

Many AV and smart home systems run a web server to provide the user interface on both native devices as well as from a browser. These web servers may be readily accessible and the code readily modified with little if any security controls.

In the IT world, the idea of putting an unsecured web server inside our environment is almost unimaginable, yet we risk do so in connecting some control systems. To add insult to injury, some of these systems require active X or admin privileges for them to function properly…Click here to read full article.