Move to the Security Isolated eLynx SCADA Monitoring Network
Our security team has discovered some of our customer's modems exposed on the public internet have been compromised by the IoTroop/Reaper botnet. We have activated our Computer Security Incident Response Team (CSIRT) and have reached out to infected customers to remedy their devices. While this incident was small and didn't affect the attached controllers and sensors - it highlights the need to communicate the risks of modems on public IP's.
Having SCADA modems/wireless gateway on the public internet is a high risk and is NOT recommended. Many modem vendors have immature security assurance practices, which allow fully patched modems to be compromised.
If you continue to operate modems on the public internet, there are risks of data overages that we may need to charge against your account, interception or modification of SCADA traffic, write-downs of dangerous values, etc.
The best practice is to move your modems on the public internet to our private SCADA monitoring network. Our SCADA monitoring network is designed to limit risks and be more secure:
- Supported on Verizon and ATT
- Each modem is logically isolated and can only connect to us and not spread malware to other devices
- VPNs from ATT/Verizon connect to our polling network
- Additional firewall rules limit impact and likelihood of security attacks
- Monitoring that goes beyond our ability to monitor modems on the public internet
There is NO COST to move your modems and connected devices to our more secure SCADA monitoring network - please open up a support ticket.
If you have questions or comments not appropriate for a support ticket feel free to contact our Chief Information Security Officer Alex Barclay.