Dear Niagara Community Member,
Over the past few months, there has been some much-needed government and media discussion of the cyber-security posture of control systems. Cyber-threat watchers note that a significant number of control systems continue to be configured in an insecure manner and, most concerning, exposed on the Internet. Our goal is to have zero Niagara Framework® deployments that fit these descriptions. Toward this goal, we are reminding our customers and business partners of recommended cyber-security best practices:
* Do not expose your systems on the Internet. When any system is exposed on the Internet, it is discoverable by potential attackers and can be open to a range of potential attacks. We urge our customers to make certain that their systems are on networks that are configured with network security best practices, using a defense-in-depth approach. Customers should also perform periodic assessments on their systems, verifying and ensuring that those systems are not exposed on the Internet or other untrusted networks.
* Always update systems with the most recent security patches and updates. At Tridium, we continually release patches and security updates so that our customers’ systems can be updated with the most recent versions. It is critical that your systems are updated on a periodic basis to address ongoing cyber threats. Be sure to conduct periodic assessments of your systems to ensure that they are up-to-date with the latest patches and cybersecurity updates.
* Use our Niagara Hardening Guides to securely configure Niagara systems. Tridium has released security hardening guides for our AX products and our Niagara 4 family of products that include step-by-step instructions on best practices aimed at securing our products (both available on our web site).
Certain cyber-threat researchers have pointed out that the FOX protocol, if enabled on a Niagara system, discloses version information about the system when a client connects. We provide this functionality to support interoperability between Niagara versions. On a trusted network, this should not be an issue; however, conveying this information on an untrusted network—like the Internet—exposes the system to risk. This is especially critical if the most recent security updates have not been applied. We are currently focusing on ways to minimize the amount of information conveyed at connection time in the FOX protocol and will share progress on this work once complete.
In the meantime, make sure that you have implemented the best practices listed above for all Niagara deployments that you oversee, and study our other resources focused on cyber security. Tridium has released a Cybersecurity White Paper focused on best practices for cyber security for any organization, including specific guidance for Niagara systems. We also have a TridiumTalk webinar focused on cyber security available on our web site. Finally, we recently released a video, available on Tridium’s YouTube channel, on cybersecurity challenges and what Tridium is doing about cyber security. If you have specific cyber-security-related questions or need to report an issue that you believe is cyber-threat related, email us at firstname.lastname@example.org.
Cybersecurity is a priority at Tridium. We are dedicated to continuously improving the security posture of our products, and we will continue to update you as we release new security features, enhancements, and updates.