Greetings and welcome back. This week we begin a study of Cyber and Physical Security for Rural Telecom Sites. If you are a provider of telecom and broadband services to rural areas, you know that cybersecurity and physical security are large and growing concerns. The huge geographic area that your network covers and the relatively few personnel available to cover it make for serious security challenges, and we will address the cyber and physical challenges of these sites during this blog series.
To begin with, there are roughly 1000 companies in the United States that are classified as rural telecom providers. Having spent a good deal of my life in rural country, I have an appreciation for the companies who serve these large areas of our country, and I understand that the growing cyber threats and the continuing physical threats are both likely to increase over time. In fact, several cyberattacks on rural municipalities and utilities show that rural operations are increasingly becoming cyber targets. When you add to that the damage from physical attacks – such as this highly destructive cable cutting in rural Northern California – it's clear that bad guys are targeting rural utilities and that these are not isolated instances.
In this first part of the blog series, we’re going to look at cybersecurity backdoors in your remote plant and equipment as well as in your head-end sites. If we want to address this subject in a practical way, we must first ask: “What network ports within my sites could be used by a hacker as a back door?”
We have done a thorough scan of rural telecom and broadband sites throughout the U.S. to find the correct answer to this question. While we will not release the total number of ports involved, for security reasons, we can say that open ports with minimal security on rural utility networks total in the hundreds of thousands. The avenues most commonly used in attacks by the bad guys are remote management ports, which see little traffic but are most often left open for the convenience of the user. The ports which we found to be open in large numbers in rural telecom sites are:
- Port 21 – FTP (File Transfer Protocol): an unencrypted protocol used for downloading firmware and other updates
- Port 22 – SSH (Secure Shell): a well-secured means of remote login and command-line system changes
- Port 23 – Telnet: an unencrypted protocol used for remote login and command-line system changes
- Port 69 – TFTP (Trivial File Transfer Protocol): an unencrypted protocol with no password protection, used for updates
- Port 80 – HTTP (Hypertext Transfer Protocol): an unencrypted protocol used for web-page access and system changes
- Port 161 – SNMP (Simple Network Management Protocol): a modestly encrypted protocol used for remote management
- Port 443 – HTTPS: the encrypted version of HTTP, providing encrypted web-page access
- Port 502 – Modbus: an unencrypted protocol designed for remote management of power and cooling systems
- Port 47808 – BACnet: a lightly encrypted protocol designed for mechanical and electrical systems
Looking at this list, the first thing that comes to mind is: That's a LOT of open ports and a LOT of options for hackers to target! Granted, each device typically only has 2-4 ports open, but, as the thief says: "I only need one…"
Studying the open ports that can be seen directly on the Internet through the Shodan search engine shows that the most numerous exposed systems on your network are NOT computers but, rather:
- Network Switches
- Power Distribution Units
- Backup Power Systems
- Telecom Systems
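To turn the port list above and the device types just named into something a small operations team can act on, here is a short audit script. It is an added example, not code from the original post or from its author's products; the inventory format ("<ip> <device-type> <comma-separated open ports>"), the sample devices and the recommended fixes are all this example's own assumptions, while the cleartext/encrypted labels reflect standard protocol behaviour (SNMP judged as the common v1/v2c deployments).

```python
from collections import Counter

# Ports from the post's list. The cleartext flag is standard protocol
# behaviour (SNMP as v1/v2c); the recommended fixes are this example's own.
PORT_PROFILE = {
    21:    ("FTP",    True,  "replace with SFTP/SCP over SSH"),
    22:    ("SSH",    False, "keep; key auth, management VLAN only"),
    23:    ("Telnet", True,  "disable; use SSH"),
    69:    ("TFTP",   True,  "disable outside maintenance windows"),
    80:    ("HTTP",   True,  "redirect to HTTPS"),
    161:   ("SNMP",   True,  "SNMPv3 authPriv; ACL to the NMS only"),
    443:   ("HTTPS",  False, "keep; valid certificate, management ACL"),
    502:   ("Modbus", True,  "no WAN exposure; isolate on OT VLAN"),
    47808: ("BACnet", True,  "no WAN exposure; isolate on OT VLAN"),
}

# Constructed sample inventory (assumed format: "<ip> <device-type> <ports>").
SAMPLE_INVENTORY = """\
192.0.2.10 switch 22,23,80,161
192.0.2.11 pdu 23,80,161
192.0.2.12 ups 22,443
192.0.2.13 hvac 47808,502,8080
"""

def parse_inventory(text):
    # Yield (ip, device_type, [ports]); blank or malformed lines are skipped.
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ip, dev, ports = parts
        yield ip, dev, [int(p) for p in ports.split(",") if p.isdigit()]

def audit(text):
    """One finding per device: cleartext services plus ports not on the list."""
    findings = []
    for ip, dev, ports in parse_inventory(text):
        cleartext = [(p, PORT_PROFILE[p][0], PORT_PROFILE[p][2])
                     for p in ports if p in PORT_PROFILE and PORT_PROFILE[p][1]]
        unlisted = [p for p in ports if p not in PORT_PROFILE]
        findings.append({"ip": ip, "type": dev, "cleartext": cleartext,
                         "unlisted": unlisted})
    return findings

def summarize(findings):
    """Count cleartext-exposed services per device type, for triage order."""
    return Counter(f["type"] for f in findings for _ in f["cleartext"])

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f["ip"], f["type"], f["cleartext"], f["unlisted"])
```

Unlisted ports (8080 on the HVAC controller in the sample) are reported separately so they get looked at rather than silently passed.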
Because open ports on these systems have minimal security, gaining access to them is no challenge even for a hacker of modest skill. Once a cybercriminal accesses one of these ports, they can take control of that system and then begin to hop from one system to the next until a high-value target system is penetrated. When they arrive at their high-value target destination, they can then:
- Harm, shut down or destroy one or more of your systems directly
- Place malware into your systems that can constantly scan and steal interesting data over long periods of time
- Place ransomware on your systems to force you to pay a ransom of their choosing, on their timetable
- Steal data immediately from a data source such as a server or desktop computer and then cover their tracks
OK – that's a lot of information to absorb for now, so at this point it's time to summarize this first blog about rural telecom security. The first point is that your remote and local sites have many types of systems, each of which likely has at least one open port with little or no security. These systems are, therefore, easily penetrated by a cybercriminal and can be used to harm your systems and to steal data from your customers.
The question to be asked is: "What can be done to stop this?" Our RackGuardian and CyberGuardian products are unique in this field because they block cybercriminals from even being able to see your systems while, at the same time, allowing you to securely manage your systems from any location. They create a stealth shield around your systems, making them invisible on a network, but provide you with a secure, encrypted channel of communications with those units. All of this power is tied together with our secure cloud-based system, meaning that there is no limit to the number of devices that you can protect and manage.
Please think about these things and, if you would like to have a confidential discussion about your security needs, please feel free to give us a call. We’re here to help and we understand the needs of rural utility providers.
Until Next Time,