From power and water grids to transportation and communication networks, critical infrastructure underpins much of daily urban life.
These vital components ensure the smooth flow of resources and information, which means any disruptions that occur have significant ramifications. These can range from minor inconveniences for residents to large-scale losses for businesses.
The threat landscape for critical infrastructure is diverse and constantly evolving, as are the threat actors behind the attacks. They include state-sponsored groups that target critical infrastructure for espionage, sabotage or political pressure. Examples include the Stuxnet attack on Iranian uranium enrichment facilities and the 2015 and 2016 cyberattacks on Ukrainian power grids, each of which caused outages by manipulating substation control systems.
Criminal organisations are also involved in some attacks and tend to use ransomware as their tactic of choice. The 2021 Colonial Pipeline attack, which disrupted fuel supplies on the United States east coast, is a stark reminder of the potential consequences. Notably, the ransomware hit the company's IT systems rather than the pipeline controls themselves; the operator shut the pipeline down as a precaution because it could not be confident the OT side was unaffected, which shows how poor separation and visibility between IT and OT turn an IT incident into a physical disruption.
Water Supply Infrastructure Attracting Increasing Attention
Around the world, water utilities in particular are finding themselves fighting an increasing battle against cyberthreats. Tactics can include shutting down supply to consumers or tampering with chemical dosing so that the water becomes unsafe to use. The cost of rectifying such incidents can be significant in both time and money.
One example occurred in Oldsmar, Florida, in February 2021, when an intruder used a remote-access tool to reach the control system of the city's water treatment plant and raised the sodium hydroxide dosing setpoint to more than a hundred times its normal value. An operator watching the screen noticed the change and reverted it before it affected the water, but the incident highlighted how exposed water infrastructure is to cyberattacks, and how much of the defence rested on one person happening to be looking at the right moment.
Utilities experiencing cyberattacks and their customers can suffer in a number of ways. If water quality is compromised, it could lead to health problems which may lead to long-term legal battles. There is also the prospect of a negative impact on an organisation’s reputation and brand.
Embracing the Internet of Things (IoT)
To gain better insight into their operations, growing numbers of utilities are embracing the concept of the Internet of Things (IoT). This strategy involves deploying digital sensors across the water network and associated infrastructure that report back on events that could have an impact on anything from equipment operation to flows and quality.
In the water sector, IoT strategies build on the much older concept of operational technology (OT). OT covers industrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems and the programmable logic controllers (PLCs) that directly drive pumps, valves and chemical dosing.
While the benefits of both IoT and OT are clear, things become more worrying when they are viewed from the perspective of IT security. Many of the older systems still in use today communicate over industrial protocols that were designed with no authentication or encryption (Modbus is the classic example, where any device that can reach the PLC on the network can write to its registers), and they comprise components that cannot be patched or updated without taking the process offline.
Another concern stems from the fact that increasing numbers of infrastructure components are now also being exposed to the public internet. This opens a new potential door for cybercriminals intent on gaining access.
An Urgent Need to Improve Visibility
Faced with this challenge, water utilities need to find ways to boost the level of visibility they have into their infrastructures. This is required to enable threats to be spotted early, and remediation steps undertaken.
Unfortunately, however, there are all-too-often gaps in a utility's ability to gather and analyse telemetry from OT systems. As a result, security analysts cannot correlate a change in a physical process, such as a setpoint being rewritten, with who made it and from where, so a potential incident goes unnoticed until its effects are visible.
To change this situation, increasing numbers of water utilities are deploying security information and event management (SIEM) platforms fed with OT network monitoring data and HMI audit logs alongside the usual IT sources. With those feeds in place, it becomes significantly easier for security operations centre (SOC) teams to examine SCADA networks and identify unauthorised activity.
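The following is an added example of the kind of correlation rule a SOC would run over such feeds; it is not code from the original article or from any vendor product. It assumes two constructed log formats, a passive OT sensor that records Modbus writes and an HMI audit trail of operator setpoint changes, plus an assumed allowlist of engineering hosts and assumed safe operating ranges per tag. The sample lines are constructed, but the dosing values mirror the setpoint change reported at Oldsmar so that the rules fire on a realistic case.

```python
"""Correlate OT write telemetry with HMI audit logs to flag unauthorised setpoint
changes. Added example: log formats, hosts, tags and limits are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed: only these engineering/HMI hosts may write to the dosing PLC.
ALLOWED_WRITERS = {"10.10.1.20", "10.10.1.21"}
# Assumed per-tag process limits: (low, high, max fractional change per write).
TAG_LIMITS = {
    "NAOH_DOSE_PPM": (50.0, 200.0, 0.25),
    "CL2_RESID_MGL": (0.5, 4.0, 0.5),
}
# A write is "attended" if an operator HMI action for the same tag and value
# appears within this window of it.
AUDIT_WINDOW = timedelta(seconds=30)

# Constructed sample telemetry (not real captures).
WRITES = [
    "2021-02-05T13:01:02 modbus_write src=10.10.1.20 tag=CL2_RESID_MGL old=2.0 new=2.5",
    "2021-02-05T13:04:12 modbus_write src=10.10.1.99 tag=NAOH_DOSE_PPM old=100 new=11100",
]
AUDITS = [
    "2021-02-05T13:01:00 hmi_setpoint user=operator2 tag=CL2_RESID_MGL new=2.5",
]


@dataclass
class Alert:
    when: datetime
    tag: str
    rule: str
    detail: str


def _kv(parts):
    return dict(p.split("=", 1) for p in parts)


def parse_write(line):
    # Assumed sensor format: "<iso time> modbus_write src=.. tag=.. old=.. new=.."
    parts = line.split()
    kv = _kv(parts[2:])
    return datetime.fromisoformat(parts[0]), kv["src"], kv["tag"], float(kv["old"]), float(kv["new"])


def parse_audit(line):
    # Assumed HMI audit format: "<iso time> hmi_setpoint user=.. tag=.. new=.."
    parts = line.split()
    kv = _kv(parts[2:])
    return datetime.fromisoformat(parts[0]), kv["user"], kv["tag"], float(kv["new"])


def detect(write_lines, audit_lines):
    """Return alerts for writes that break any rule; an empty list means all writes
    came from allowed hosts, stayed in range, and match an operator action."""
    audits = [parse_audit(l) for l in audit_lines]
    alerts = []
    for line in write_lines:
        when, src, tag, old, new = parse_write(line)
        if src not in ALLOWED_WRITERS:
            alerts.append(Alert(when, tag, "unexpected_writer", f"src={src}"))
        lo, hi, max_step = TAG_LIMITS.get(tag, (float("-inf"), float("inf"), float("inf")))
        if not lo <= new <= hi:
            alerts.append(Alert(when, tag, "out_of_range", f"new={new} allowed {lo}-{hi}"))
        if old > 0 and abs(new - old) / old > max_step:
            alerts.append(Alert(when, tag, "large_step", f"{old}->{new}"))
        # Correlation: a legitimate change shows up in the HMI audit trail too.
        attended = any(
            a_tag == tag and a_new == new and abs(a_when - when) <= AUDIT_WINDOW
            for a_when, _user, a_tag, a_new in audits
        )
        if not attended:
            alerts.append(Alert(when, tag, "no_operator_action", "no matching HMI audit entry"))
    return alerts


if __name__ == "__main__":
    for a in detect(WRITES, AUDITS):
        print(a.when.isoformat(), a.tag, a.rule, a.detail)
```

The first sample write produces nothing: it comes from an allowed host, stays in range, and lines up with an operator action two seconds earlier. The second produces four alerts, and the last rule is the one that matters most in practice: a write to a PLC that no operator performed is suspicious regardless of the value written, so a SIEM that only receives network captures and never the HMI audit log cannot make that distinction.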
Giving Security the Priority It Needs
Once improved visibility has been achieved, it can then become a core element in a wider security-focused strategy. This encompasses both OT and IT elements and ensures effective security measures are in place across the entire operation.
This strategy, like a well-drilled emergency response, should map out every stage of the cyberthreat lifecycle, from detection and containment to recovery and prevention.
A security-focused strategy will also help to ensure that the human element of effective security is not overlooked. Regular training equips employees to be the first responders, recognising and reporting suspicious activity. From securing passwords to spotting phishing attempts, their vigilance can nip threats in the bud before they escalate and cause wider issues.
By deploying SIEMs and prioritising security, water utilities can transform from being vulnerable targets into proactive defenders. The risk of disruptions, financial losses, and reputational damage diminishes with each proactive step.
In a world of unceasing cyberattacks, security is no longer a luxury but a vital investment. By taking action now, utilities can ensure the uninterrupted flow of water to their customers at all times.