Meet Erik - The cyber security manager at Westermo

Erik Johansson has been with Westermo since 2015. Previously, he worked for ABB in the same role. Today, he helps Westermo raise awareness of cyber security risks and of how best to avoid or prevent them.

What is your role at Westermo?
I have worked here as the cyber security manager since February 2015. I am responsible for cyber security related things regarding our products and solution offerings. I help write requirements for our products and solutions and discuss how we can best implement them, and meet customers to hear what they think. I track vulnerabilities and make sure we take care of them in our reviews.

We already had very competent people working with some of what I do, but I help them coordinate things. One of the things that strikes me here is the amount of highly skilled and competent people working so well together. That is something that still fascinates me and I am very happy to be here.

How did you become a cyber security expert?
Software development and software architecture are my background. I began my career at ABB in 1988, but left it later for a smaller company working with digital identity management. That is where I started working with cyber security full time. In 2008, I came back to ABB Network Management as a cyber security manager.

What is a typical day at Westermo like for you?
This is what makes my day interesting. I don’t know what my day will be like. There are no typical days here. There are always good days. There are very seldom bad days, but the days that might be bad from a security perspective are instead very interesting to me, personally. In that sense, they are good days too.

It has been a lot of marketing positions and a lot of documentation of material that has been produced. I have been travelling a lot to seminars and speaking at events too. Some events are customer-based, some we pay for ourselves but I also get speaker invitations. There is definitely an interest out there.

How do we find the cyber security vulnerabilities?
We find most of them by tracking the available communities. We look at public disclosures. We do not do many internal assessments ourselves today. That is something that we want to strengthen and work more proactively with.

What is the biggest challenge with cyber security?
Being one step ahead is one thing we will never be able to be. So the answer is to try to raise a general awareness, for example, to make sure we don’t open attachments in our emails that will infect our computers with malware of different kinds. We try to make our customers understand the threats and to help them use our products in sensible ways in production environments.

We are all the same, but the major difference between the home user and our customers is the perseverance of the attacker. We have threats where groups of individuals have the time, the resources and the skills to go for specific, critical infrastructure targets. They can attack a target for years. In 2015, in Ukraine, three substations were taken out using malware. The way they did it was exactly the same way we all get infected. It all begins with an infected email attachment, but the difference is this will not happen to you at home. At home you are generally attacked, but the methodology and the technology are the same.

It is not the technology that is the problem, it is the way people behave. It is nice to have good technology like our products, but focusing on people and their behaviours is more important. What will protect you is your knowledge.


WeOS 4.18.1 security update

Westermo has released a permanent fix for the vulnerability reported in CVE-2015-7547 (WEOS-16-03) that affects WeOS releases 4.12.0 - 4.18.0.

An attacker that successfully masquerades as an upstream DNS server may serve the WeOS device with malicious DNS query responses that can allow the attacker full unauthorized access to the device.

Organizations using any of the above WeOS versions are encouraged to upgrade to 4.18.1 to mitigate this vulnerability.

Alternative mitigation involves discontinuation of external DNS servers and configuration of static hostnames following the instructions below:

  • Configure DNS servers to be 127.0.0.1. See section 19.3.3 DNS client – setting DNS server and dynamic DNS of the WeOS Management Guide.
  • Add static hostname lookup entries for all hostnames configured in the device. See section 19.7.8 Add static hostname lookup entry of the WeOS Management Guide.


“The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.”

See WeOS-16-03: Security advisory

Download WeOS 4.18.1

WeOS units manufactured after the release of WeOS 4.18.1 will have the latest version installed.

The new version of the WeOS firmware is also available for download from the Westermo website. Version 4.18.1 is verified to support all active WeOS products, i.e. products presented on the website at the time of release.

Read more about WeOS and download the new version here: Go to WeOS download page

CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow

Westermo is working on a permanent fix for a vulnerability reported in CVE-2015-7547. Until then, we recommend users of WeOS versions 4.12.0 through 4.18.0 to consider reconfiguration of DNS and static hostname lookup as follows:

  • Configure DNS servers to be 127.0.0.1
  • Add static hostname lookup entries for all hostnames configured in the device
  • Refer to the appropriate WeOS Management Guide for more information. For WeOS version 4.18.0, the relevant sections are:
      • 19.3.3 DNS client – setting DNS server and dynamic DNS
      • 19.7.8 Add static hostname lookup entry
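The workaround described in this notice and in the WeOS 4.18.1 update above has two parts that are easy to get half right: the resolver must point only at 127.0.0.1, and every hostname the device is configured to contact must have a static lookup entry, otherwise getaddrinfo() still sends a query to the network. The check below is an added example, not Westermo code. It parses a hypothetical, simplified key/value configuration dump constructed for this example (the `dns-server`, `host`, `ntp-server` and `syslog-server` keys are assumptions, not WeOS syntax; the real commands are in the Management Guide sections cited above) and reports anything that would leave the device exposed.

```python
"""Check that a device configuration applies the CVE-2015-7547 workaround.

Added example, not Westermo code.  The configuration format is a
hypothetical simplified dump constructed for this example; real WeOS
configuration syntax differs.
"""
import ipaddress

LOOPBACK = ipaddress.ip_address("127.0.0.1")

# Constructed sample: workaround applied correctly.
COMPLIANT_CONFIG = """
dns-server 127.0.0.1
host ntp.example.internal 10.0.0.5
host syslog.example.internal 10.0.0.6
ntp-server ntp.example.internal
syslog-server syslog.example.internal
"""

# Constructed sample: an external resolver is still listed and one
# referenced hostname has no static entry, so a network lookup would occur.
NONCOMPLIANT_CONFIG = """
dns-server 10.0.0.53
dns-server 127.0.0.1
host ntp.example.internal 10.0.0.5
ntp-server ntp.example.internal
syslog-server syslog.example.internal
"""


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_config(text):
    """Return (dns_servers, static_hosts, referenced_hostnames)."""
    dns_servers, static_hosts, referenced = [], {}, set()
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        key, args = parts[0], parts[1:]
        if key == "dns-server" and args:
            dns_servers.append(args[0])
        elif key == "host" and len(args) >= 2:
            static_hosts[args[0]] = args[1]
        elif key.endswith("-server") and args and not is_ip_literal(args[0]):
            # Any other hostname-valued setting will be resolved at runtime.
            referenced.add(args[0])
    return dns_servers, static_hosts, referenced


def check_workaround(text):
    """Return a list of findings; an empty list means the workaround is complete."""
    dns_servers, static_hosts, referenced = parse_config(text)
    findings = []
    for server in dns_servers:
        if not (is_ip_literal(server) and ipaddress.ip_address(server) == LOOPBACK):
            findings.append(f"external DNS server still configured: {server}")
    for name in sorted(referenced - set(static_hosts)):
        findings.append(f"hostname without static lookup entry: {name}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("compliant", COMPLIANT_CONFIG), ("noncompliant", NONCOMPLIANT_CONFIG)):
        print(label, check_workaround(cfg) or "OK")
```

Both findings matter: a second, external resolver entry means the device can still receive an attacker-controlled response, and a hostname without a static entry means the loopback-only resolver setting simply causes the lookup to fail rather than removing the network query path until the entry is added.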

An attacker that successfully masquerades as an upstream DNS server may serve the WeOS device with malicious DNS query responses that can allow the attacker full unauthorized access to the device.

“The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.”

Download Westermo Security Advisory WEOS-16-03.

More information:

https://googleonlinesecurity.blogspot.se/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://github.com/fjserna/CVE-2015-7547

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547


Security Advisory: WEOS-15-06 Default factory web interface certificate

WeOS products running WeOS versions 4.2.0 and newer share a common self-signed certificate and private key from factory. An attacker can extract the private key from our WeOS firmware and masquerade as a WeOS device. If successful, the attacker may be able to obtain credentials from an end user who enters their credentials in the belief that it is a valid WeOS device they are accessing. To be successful, the attacker must be able to access and inject themselves into the network path between the end user and the legitimate WeOS device.

Westermo provides self-signed certificates from factory to minimize the risk of compromise in the time between shipping and commissioning, but we strongly recommend our WeOS users to replace the default certificate and private key with ones they trust, typically coming from their own corporate certificate authority. The ability to replace the web interface certificate and private key exists as a tech preview (undocumented and with limited user interface support) since WeOS version 4.15.2.

WeOS users that utilize the web interface for management of the device should ensure that:

  • they've upgraded to the latest version of WeOS, which is 4.18.0 at the time of writing, and
  • they've replaced the default password with a strong unique one in compliance with corporate security policy, and
  • insecure management services like ipconfig, telnet and http are disabled for all interfaces, and
  • https, ssh and snmp services are only exposed to the most secure interfaces (typically those facing higher security zones), and
  • the default web interface certificate is replaced following the procedure described in the security advisory linked below
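A practical way to find devices that still present the factory certificate, without needing to know its fingerprint in advance, is to compare certificate fingerprints across the fleet: a private key is only shared when the certificate is, so any fingerprint that appears on more than one device is a shared key. The script below is an added example and not Westermo's code or tooling. The inventory and the certificate bytes in it are constructed placeholders, not real certificates; in practice you would collect each device's certificate (for example the PEM returned by ssl.get_server_certificate(), converted with ssl.PEM_cert_to_DER_cert()) and, if you have it, pass the known factory-default fingerprint so that a single isolated device can be flagged as well.

```python
"""Flag devices whose HTTPS certificate is shared with other devices.

Added example, not Westermo tooling.  Certificate bytes below are
constructed placeholders standing in for DER-encoded certificates.
"""
import hashlib
from collections import defaultdict

# Constructed inventory: device name -> certificate bytes.  Three devices
# still present the same placeholder "factory" blob; one has a unique
# certificate issued by the corporate CA.
INVENTORY = {
    "switch-01": b"FACTORY-DEFAULT-CERT-PLACEHOLDER",
    "switch-02": b"FACTORY-DEFAULT-CERT-PLACEHOLDER",
    "switch-03": b"FACTORY-DEFAULT-CERT-PLACEHOLDER",
    "switch-04": b"UNIQUE-CERT-FROM-CORPORATE-CA",
}


def fingerprint(der_bytes):
    """SHA-256 fingerprint in the colon-separated form most tools display."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def shared_certificates(inventory, known_default_fingerprints=()):
    """Map fingerprint -> sorted device names for every fingerprint that is
    presented by more than one device or matches a known factory default."""
    by_fp = defaultdict(list)
    for device, der in inventory.items():
        by_fp[fingerprint(der)].append(device)
    flagged = {}
    for fp, devices in by_fp.items():
        if len(devices) > 1 or fp in known_default_fingerprints:
            flagged[fp] = sorted(devices)
    return flagged


def devices_needing_new_certificate(inventory, known_default_fingerprints=()):
    """Flat, sorted list of devices that should get a unique certificate."""
    flagged = shared_certificates(inventory, known_default_fingerprints)
    return sorted(d for devices in flagged.values() for d in devices)


if __name__ == "__main__":
    for fp, devices in shared_certificates(INVENTORY).items():
        print(f"{fp}\n  shared by: {', '.join(devices)}")
```

Run this against the whole fleet rather than one site: a certificate that is unique within one site may still be the factory default shared with devices elsewhere, and only the fleet-wide view, or the known-default fingerprint, exposes that.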

Download Security Advisory

Westermo advises major maritime companies of need for cyber protection

Westermo has delivered a lecture on the risks of cyber-attacks against the maritime sector to major industry players at the Advanced Vessels conference in Norway. Erik Johansson, cyber security manager at Westermo was one of the expert speakers invited to the event, and gave a presentation entitled ‘Cyber security: more than a myth - a demonstration of a cyber-attacks on the marine industry’.

The lecture looked at the potential for cyber-attacks on ships’ industrial data communications and control systems, which, given that shipping companies are becoming increasingly reliant upon information technology to conduct their operations, was of great interest to many delegates. As well as looking at the potential threats, Erik Johansson also spoke about ways of combating such attacks and making the industry more cyber-aware.

“Because major efforts are being made to improve safety and security in the maritime sector, the latest procedures and technologies related to cyber security were very much a focal point of the conference,” explained Erik. “With its long history of providing reliable and resilient networks, Westermo is ideally positioned to advise the maritime sector on, not only the threats posed, but also the right procedures, technologies and solutions to protect vessels from these attacks.”

The lecture, held on the final day of the two-day conference, was delivered to a sold-out audience of representatives from some of the industry’s leading companies, including Rolls-Royce Marine, Siemens, ABB, Kongsberg Maritime and DNV GL.

The event was arranged by NFA, the Norwegian Society of Automatic Control. Now in its 12th year, the conference has become an important meeting place for those working in the maritime sector, showcasing major developments taking place in Norwegian shipping, both operationally and technologically.

WeOS Security Update

A new security vulnerability, called GHOST, has recently been highlighted. This particular Linux security issue, CVE-2015-0235, is not perceived by the industry to be as severe a problem as Heartbleed or Shellshock. Despite this, Westermo sees network security as a top priority for critical infrastructure solutions and has therefore released a new version of WeOS (4.16.0) to provide protection against this issue.

WeOS releases 4.12.x – 4.15.x are affected by this vulnerability, and organisations that are using any of these versions should upgrade to WeOS 4.16.0 to eliminate any risk caused by GHOST.

If a version upgrade is not immediately practical then users of the affected versions can implement the following workarounds to resolve the issue in their installation:

  • SSL tunnel: this function was introduced in WeOS 4.14.0. The security issue with this function can be eliminated by deactivating the SSL tunnel functionality.
  • IPsec tunnel: the security issue is eliminated through use of PSK or by disabling IPsec.

Westermo is a market leader in the design and manufacture of robust industrial networking equipment designed for use in critical infrastructure applications. This equipment is powered by WeOS which is under constant, in house, development allowing our R&D team to dynamically resolve any security risks as they may arise.

Go to the WeOS download page
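The notices on this page each give an affected version range, and the first triage question for a fleet is which advisories still apply to each installed firmware. The script below is an added example, not Westermo tooling. It encodes only the ranges stated above: WEOS-16-03 / CVE-2015-7547 affects 4.12.0 through 4.18.0 and is fixed in 4.18.1; GHOST / CVE-2015-0235 affects 4.12.x through 4.15.x and is fixed in 4.16.0; WEOS-15-06 affects 4.2.0 and newer with no fixing release, since the remedy is replacing the factory certificate. The Heartbleed notice names no fixed version, so it is deliberately not encoded. Device names and versions in the sample inventory are constructed.

```python
"""Match WeOS firmware versions against the advisory ranges stated on this page.

Added example, not Westermo tooling.  Sample inventory is constructed.
"""

# (advisory, first affected version, first fixed version or None when the
# remedy is a configuration change rather than an upgrade)
ADVISORIES = [
    ("WEOS-16-03 CVE-2015-7547 glibc getaddrinfo", "4.12.0", "4.18.1"),
    ("GHOST CVE-2015-0235", "4.12.0", "4.16.0"),
    ("WEOS-15-06 default web interface certificate", "4.2.0", None),
]


def parse_version(text):
    """'4.18.1' -> (4, 18, 1); missing trailing components count as zero."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def applicable_advisories(version):
    """Names of advisories whose affected range contains `version`."""
    v = parse_version(version)
    hits = []
    for name, first_affected, first_fixed in ADVISORIES:
        if v < parse_version(first_affected):
            continue  # predates the affected code
        if first_fixed is not None and v >= parse_version(first_fixed):
            continue  # already carries the fix
        hits.append(name)
    return hits


def triage(inventory):
    """{device: version} -> {device: [applicable advisory names]}."""
    return {device: applicable_advisories(ver) for device, ver in inventory.items()}


SAMPLE_INVENTORY = {  # constructed sample data
    "rtu-site-a": "4.11.0",
    "rtu-site-b": "4.14.2",
    "rtu-site-c": "4.17.0",
    "rtu-site-d": "4.18.1",
}

if __name__ == "__main__":
    for device, advisories in triage(SAMPLE_INVENTORY).items():
        print(device, "->", advisories or "no listed advisory applies")
```

Note that WEOS-15-06 stays applicable even on the latest firmware listed here: upgrading does not replace the shared certificate, so that entry only drops out of a device's list once the certificate has actually been replaced, which a version check alone cannot see.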

Shellshock – without impact on Westermo products

A Linux security issue in systems using the Bash shell was announced to the world yesterday. This vulnerability, CVE-2014-6271, called Shellshock, enables unauthorised execution of malicious code on affected systems.

Westermo does not use the Bash shell in WeOS and customers that are using our products are therefore not affected by this security issue. No action is therefore required to be implemented in existing installations with Westermo products.

Westermo sees network security as a top priority within critical infrastructure solutions, and we have therefore also verified that the security issue affecting Bash cannot be triggered using the CLI part of WeOS.

Heartbleed - Security vulnerability fixed in rapid time

A security vulnerability within systems using OpenSSL encryption has been widely reported around the globe over recent days. This vulnerability, CVE-2014-0160, has been named Heartbleed and could allow data, including passwords and encryption keys, to be read from affected systems.

Westermo has used OpenSSL code within the WeOS operating system since version 4.12.0, released on 14 June 2013. Although the issue is most significant for server equipment connected directly to the internet, we believe that this security flaw is significant and have decided to issue a firmware update immediately for use by users who may be concerned about this risk.

Westermo sees network security as a top priority within critical infrastructure solutions and believes we are the first industrial switch manufacturer to issue a fix for this problem. The new version of the WeOS firmware is ready to be downloaded directly from the Westermo website. For any help in upgrading your equipment or for advice on the possible security risks, please contact our technical support team.

Please visit the Firmware section to download
