Until recently, water supply security was based largely on the principle of isolation. For decades, process control systems were a series of disconnected systems and applications, air-gapped by virtue of not being connected to other computers or to the internet, which made infiltration by external cybercriminals unlikely.
In the last 20 years, Critical Infrastructure providers, including water and wastewater facilities, have modernized their plants and distribution networks, integrating IT assets with operational technology (OT) and industrial control systems (ICS). The converged domains have unified information and control networks, delivering advantages such as centralized management and visibility into OT production and performance.
On the downside, it didn’t take long for cybercriminals to discover they could access OT and ICS networks by gaining a foothold on internet-facing IT systems and moving laterally into adjacent connected OT assets. With that, a new era of cyber threats was born.
In the water and wastewater industries, threat actors have infiltrated IT assets to disrupt business systems. More alarmingly, attackers have damaged equipment, discharged wastewater into environmentally sensitive areas, and implanted ransomware that disrupted operations.
Then came COVID-19. When the pandemic forced nonessential businesses to close and employees began working from home, organizations had to quickly, and often haphazardly, deploy remote access environments. The new remote access setups often lacked basic protections such as multi-factor authentication or identity and access management (IAM). Cybercriminals quickly flooded unsuspecting remote workers with phishing and ransomware attacks, often using COVID-19 lures.
Increasingly Damaging Cyber Threats
Today, threat actors have shifted their focus to the OT systems of Critical Infrastructure providers. Legacy infrastructure and the high cost of downtime and service interruption make ransomware payouts more likely. In a recent survey, 83% of Critical Infrastructure providers reported at least one OT security breach in the prior 36 months.
What’s more, geopolitical tensions have risen dramatically. In recent months, conflicts have alarmed Critical Infrastructure operators and governments. Many cybersecurity experts believe that Russia’s aggressive moves on Ukraine will lead to cyberattacks on Critical Infrastructure in other parts of the world.
As in other industries, the number one cyber threat facing water and wastewater utilities is ransomware. In a typical ransomware attack, threat actors infiltrate IT systems and networks, often using stolen credentials, and implant malicious software that spreads into connected OT systems and encrypts data. The results can be disastrous.
For example, the high-profile breach of Colonial Pipeline in May 2021 shut down the company’s business systems and prompted it to preemptively disconnect OT systems. The entire pipeline was disabled, causing gas shortages across the eastern U.S. This attack clearly demonstrated the ability of threat actors to breach OT systems and underscored the potentially catastrophic impact of attacks on OT systems of Critical Infrastructure providers.
For water utilities, the risk hit closer to home in February 2021. A hacker gained access to a water treatment plant in Oldsmar, Fla., and hijacked operational controls. The intruder spiked the facility’s water system with sodium hydroxide, or lye, contaminating it to dangerous levels. Had a plant operator not noticed and returned the lye to normal levels, thousands of people could have been sickened, or worse.
Following the Oldsmar attack, the FBI and other federal agencies issued a joint advisory warning of escalating attacks on IT and OT networks, systems, and devices in the water and wastewater sector. The advisory warned operators to watch out for spear phishing, ransomware, and exploitation of outdated operating systems and firmware.
Though cyberattacks continue to evolve into more sophisticated threats, the good news is that most breaches take advantage of known and solvable gaps in an organization’s IT and OT infrastructure. Given how common these gaps are, the solutions available and the rising cost of unprotected operations, cybersecurity today must be considered a cost of doing business: an operational insurance policy for reliable uptime.
Article Source: Rockwell Automation