Include power in your cyber defense strategy

As hackers find new ways to steal information and disrupt business ── the ability to eliminate system vulnerabilities has never been more critical. Make sure your power system isn’t the weakest link in your cyber defense strategy. Learn how Eaton can help you build a strong foundation designed to ensure operational success and safety in the wake of increasing cyber threats. 

Power equipment isn't immune to hacking

When it comes to cybersecurity, safeguarding power equipment may not always rank top of mind. Yet with hackers relentlessly exploiting new devices in innovative ways, coupled with more employees working remotely than ever before, vulnerabilities are emerging that you may not have previously considered. Because infrastructure equipment is smarter and more interconnected than ever before, deploying an end-to-end cyber defense solution has become absolutely essential.

Eaton uniquely understands the severity of threats faced by today’s organizations and how to best protect yourself from cybersecurity attacks. We’ve developed an entire portfolio of products with ingrained measures to prevent intrusion and mitigate risks. While there are different ways to address both cyber and physical security in power equipment, our solutions work in harmony to provide resilient, layered protection that help keep your operations and personnel safe.

Endpoint device security is the top concern of IT pros for their remote workforce.

Spiceworks', 2021 State of IT Annual Report

Three ways power systems are vulnerable to hackers

We're all connected

Today’s world is more digitized and connected than ever before. While AI and the proliferation of IoT sensors deliver numerous benefits, they can also leave your organization vulnerable to attack. Connected devices and the vast amounts of data they generate create risks for companies of every shape and size, dramatically increasing the attack surface and number of entry points into a network. With so many employees now working remotely, information security and computer security have never been more critical.

The power grid

The U.S. electric grid is becoming more vulnerable to cyberattacks, largely due to industrial control systems and the rise of distributed resources, according to research from the U.S. Government Accountability Office. A cybersecurity threat assessment by Dragos determined multiple hacking groups have the capability to interfere with or disrupt power grids across the U.S., while the number of cyber-criminal operations targeting electricity and other utilities is on the rise.

The digital age

As organizations rapidly pursue digital transformation and adopt new technologies and business processes, security issues are on the rise. In fact, 85 percent of CISOs reported that security concerns during digital transformation had a "somewhat" to "extremely large" business impact. This is especially true for companies that lack integration across their security solutions and complete visibility into user, system and network behavior. Software and power systems must work together to ensure a cohesive, seamless and layered protection solution for optimal network security against computer malware and other attacks. 


How Eaton secures power equipment against vulnerabilities

Protecting your business against today’s ever-escalating cyber threats requires a multi-faceted approach. A sound cyber defense strategy involves not only properly securing devices, but deploying a software layer to manage those devices. Eaton’s product portfolio incorporates a variety of different mechanisms that address both digital and physical security in power equipment. As a result, everything works together seamlessly to form a comprehensive, resilient solution.

Firmware updates are essential

To stay ahead of evolving cybersecurity threats, it is essential to update firmware on all UPSs and PDUs.

Gigabit Network Card ── The industry’s first UPS network card with built-in cybersecurity features UL 2900-1 and IEC 62443-4-2 certification, with stronger encryption, configurable password policy and usage of CA and PKI signed certificates. 

IPM software ── Ensures uptime and data integrity with centralized power resource management while keeping data safe through graceful, sequential shutdown. IPM enables complete management of firmware updates.

Metered and Managed rackmount PDUs ── Simplifies load balancing and decision-making based on energy consumption through real-time monitoring, plus reboots connected loads with remote on/off switching (managed models) and turns off unused outlets to prevent unauthorized access (managed models).

TANlock by Eaton ── Keeps unwanted guests out of rack enclosures with two-factor authentication options, as well as monitors and manages access credential logins to provide access to specific individuals.

Rack enclosures ── Secure IT devices in sturdy 4-post racks enclosures featuring highly secure combination locks.

MiniRaQ by Eaton ── Secures IT equipment in a wallmount rack with a locking lid, heat removal, air filtering and data/cable management accessories.

When is the last time you checked the health of your power systems?

Eaton offers complimentary on-site or virtual power assessments that can help you determine the optimal power strategy for your particular organization.
Contact an Eaton expert to schedule this no-cost assessment, valued at $1,500!

1) A chilling ploy

The massive and widely publicized Target breach in 2014──which resulted in the theft of data on 40 million credit and debit cards ── was traced back to the retailer’s heating, ventilation and air conditioning (HVAC). Hackers stole login credentials belonging to a company that provided Target’s HVAC services and used that as an access point to the retailer’s financial systems. The incident prompted many companies that rely on internet-connected HVAC to recognize that their systems lacked adequate security. In fact, an assessment of 55,000 internet-connected HVAC systems by cloud security service provider Qualys revealed that most systems had flaws that would allow easy exploitation by hackers.

2) Now that was fishy

connected world2.jpg
In 2017, hackers stole high-roller data from a North American casino through an internet-connected thermometer inside an aquarium. They managed to access the network via the fish tank’s sensors, which regulated the temperature, food and cleanliness of the tank. It’s not the only time an unsecure thermostat caused a frenzy. In 2016, hackers left the residents of two apartment buildings in Finland in the freezing cold for nearly a week by launching a DDoS attack on their environmental control systems via thermostats.

3) Heart-stopping hack

In 2017, the FDA confirmed that St. Jude Medical’s implantable cardiac devices used to monitor patients’ heart functions could be easily hacked. Due to transmitter vulnerabilities, hackers were able to control shocks, administer incorrect pacing and deplete the battery. Other medical devices have also been targeted; the FDA issued a similar warning about the security of Medtronic insulin pumps, which hackers were able to remotely access and control.

4) Oh, baby!

Although baby monitors began as simple one-way radio transmitters, over the years they have evolved into sophisticated Wi-Fi enabled smart devices complete with features such as cameras and infrared vision. Unfortunately, the IoT devices aren’t smart enough to thwart hackers; in late 2018, a cyber crook accessed the wireless camera system in a U.S. monitor and threatened to kidnap the baby. Meanwhile, there are multiple reported incidents of strangers’ voices being heard over baby monitors.

5) Alexa, have you been hacked?

In August 2020, cybersecurity firm Check Point revealed that major vulnerabilities allowed researchers to access accounts and personal data in Alexa, Amazon’s AI-based intelligent virtual assistant (IVA). Part of a market that is expected to reach more than 15 billion by 2025, IVA devices can serve as entry points to a wide variety of home appliances and device controllers, underscoring the need to properly secure them.

Request your free site assessment

Frustrated with your environment, and more specifically, your power infrastructure? Let us ease your mind with a free power audit with a qualified expert.