Security advice for customers operating or installing real-time seismic systems using Güralp instrumentation
Security is a key priority in the design of all Güralp hardware and software. Recent media coverage has highlighted an investigation carried out in Costa Rica into potential vulnerabilities of seismic systems from the threat of hackers. We are continually reviewing the security arrangements and guidance we have in place for networking of our products and software. We would like to reassure customers that as long as our security guidance is followed, customers can mitigate the risks associated with the type of hacking methods used in the investigation.
Any instrument on a network is only as secure as the network itself. Once the instruments are exposed to the internet, the network operators are responsible for adhering to Güralp product guidance and network security good practice to protect their systems from hackers. The Güralp guidance recommends that users undertake the following when using all Güralp digital products:
- Change factory default passwords as soon as possible after purchasing
- Within the firewall of your internet access point (modem), restrict administrative access to the device to only those IP addresses owned by the instrument operator
- For complex network configurations, use either Guralp Secure TCP Multiplexor (GSTM), or a dedicated VPN (Virtual Private Network) for all connected devices
- Keep networked systems regularly updated by checking for firmware updates which can help to protect against any known security issues and bugs (e.g. Shellshock and Heartbleed bugs)
We are confident that the majority of Güralp customers are aware of the methods available to secure their networks, and most network operators already maintain highly secure systems.
Güralp’s software engineers will monitor the software security situation closely and will ensure that firmware updates are provided to users if necessary.
For full information on the steps necessary to secure your digital systems, please refer to the following guides: http://www.guralp.com/sw/securing-platinum-systems.shtml and http://www.guralp.com/howtos/securing-your-systems.shtml.
Güralp maintains very close relationships with all of our customers and our support team are ready to respond to customers with security enquiries.
MEDIA ENQUIRIES
MEDIA ENQUIRIES TO:
This email address is being protected from spambots. You need JavaScript enabled to view it.
For urgent enquiries please call 020 3727 1000 and speak to Fergus Wheeler, Louisa Feltes or Jess Gill.
NOTES TO EDITORS:
Güralp (www.guralp.com) is a leading global provider of sophisticated seismic monitoring solutions used to understand natural seismological events such as earthquakes, aftershocks and volcanos, as well as induced seismic events, or seismic signals, resulting from human activity.
Our solutions are used in research, civil and industrial applications to increase understanding, optimise processes and to protect people and the environment. Our equipment is installed in all major ocean basins and across all continents worldwide.
Our instruments range in performance from very low frequency, very low noise for global seismology to high dynamic range instruments for local, strong motion monitoring. Our sensors and can be supplied for deployment at the surface, in boreholes and on the ocean bottom. We also provide data acquisition equipment, power and communication accessories and data interpretation software.
Our services include installation and commissioning; network operation; repair and maintenance services; data processing and interpretation.
Headquartered in Reading, in the UK, we have been operating for more than 30 years and have established a global network of distributors who provide local customer support and sales services.