You need an account to access this content
Create a free account and get access to all downloads and more!
17 May 2021
5 min read
It is estimated that by 2025, more than 75 billion devices will be connected to the internet. This is not just computers and smartphones, but also fridges, thermostats, cars and almost any other device that can be used for monitoring something in some way. Households are an obvious use, but also in industries transportation, manufacturing, logistics and retail. Undoubtedly having devices connected to the internet is convenient and can provide useful data for analytics, scheduling, security and even shopping. But there is also a dark side of such accessibility – cyber-attacks and hacking.
ComAp’s products can be connected to the internet for remote monitoring and management using services like WebSupervisor and we ensure that our products are nowadays being built to provide our customers with high levels of security including fulfilling the ISA62443, level 2 International Security Compliance Institute Standard when necessary.
The remote monitoring of ComAp products allows our customers to save time, save money, and provides reliable data for making crucial business decisions. However, these advantages require our products to be connected to the internet. Security has always been a focus at ComAp, so our customers can rest assured ComAp always has and always will take the security of customers data and equipment seriously.
Some ComAp products still in use are more than 20 years old and these legacy devices were developed in years when there was very different situation regarding cyber security and the requirements for online services were different.
Therefore, when using these devices today, external cybersecurity measures must be applied to adjust these devices to the current environment. The key measure is to not expose the web and/or MODBUS interfaces directly to public networks.
More recently developed products have the latest cybersecurity needs by design and in this way, we ensure that the platform fulfills relevant security standards. Security by design means that when we begin a new product development process, we start with the question “what are the requirements for cybersecurity?” As part of this process, we have developed five essential criteria for security.
1. Secured firmware
All new ComAp firmware is secured by encryption. This prevents any firmware from being uploaded into non-genuine or modified ComAp products. It also means that the controller will not accept any non-encrypted firmware when someone tries to upload it.
2. Ciphering of communication
Communication through public networks (Ethernet, Internet, AirGate) is bidirectionally secured by a ComAp-developed ciphering technology CCS. ComAp's proprietary ciphering technology is based on proven cryptographic algorithms, and it has been audited by an external security audit company, and it passed penetration tests successfully.
3. Protection against brute-force attack
ComAp’s controllers feature brute force attack detection during the user authentication process. If an attack is detected, the control unit is gradually blocked by prolonging the time between individual attempts to sign in – similar to a mobile phone preventing a user to access the phone if the PIN is entered incorrectly too many times.
4. Reliable user authentication
ComAp controllers, use authentication of unique user accounts similar to the way cyber security systems in the information technology work. All user access is logged, and any activity under a particular login is recorded. This secures tracking of all user activities in the control device but also enables highly flexible access rights management for controller administrators.
5. System security against data leakage
If an administrator loses access to the controller, a robust mechanism to retrieve the administrator access is used. This mechanism is based on a digital signature unique to the controller and requires double-factor authentication. Access can only be granted by ComAp. This prevents forgery and misuse by a non-authorized person.
We update firmware for our products for various reasons, including updating to any new security protocols, to add new features or to fix any bugs that may have been identified. We recommend all our customers to update their controllers’ firmware to the latest version as soon as practical for their application. The software updates are available on the products’ pages on our website. Installing the new firmware is easy, and our technical support department can provide any assistance you might need.
All ComAp controllers have a default password. This default password should be changed immediately upon installation of the controller. Do not choose a password that is easily guessed. If you need help changing the default password, consult the product manual or contact ComAp's technical support department.
We recommend to use multiple accounts and give users minimum levels of access needed to perform his/her job functions. Individual login credentials also ensure that any actions or changes made while a user is logged in can be recorded and monitored.
If you have any concerns or questions about your ComAp products, please contact your local ComAp representative.