To get a preview of the next possible mass-casualty terrorist attack, look no further than April 24th, 2020, when Israel thwarted an attempted attack by Iranian hackers on the control systems of the country’s wastewater treatment plants, pumping stations and sewers. In this case, the hackers tried to raise chlorine to dangerous levels.
Cyber attacks on water plants aren’t new. Since the first known hacking attempt on an Australian water facility in 2000, numerous attacks against water utilities worldwide have been attempted. And in 2014, the Department of Homeland Security (DHS) warned that America’s nation-state adversaries were mapping U.S. water infrastructure.
For a number of reasons, water and wastewater utilities are juicy targets for hackers. Due to budget constraints, a lot of water utilities have only one or two IT professionals, no cybersecurity experts and precious little money available to develop any kind of robust cyber defense program.
Moreover, while cyber defenders have traditionally concentrated on threats to organizations’ IT networks, the real threat to critical infrastructure operators lies in their operational technology (OT): the complex industrial control systems (ICS) that manage the generators, pumps, valves and other equipment run by water plants and other industrial operators. Historically, the OT remained separated, or “airgapped”, from the internal IT networks connected to the internet; with the advent of converged OT-IT networks, this is no longer the case. In short, these industrial control systems are now connected to the internet, which makes them vulnerable to hacking. Despite these vulnerabilities, water utilities can still take a number of steps to protect themselves.
To start with, since you can’t protect what you aren’t aware of, water utilities – indeed, any critical infrastructure operations – should regularly inventory their organization’s entire asset base. Performing this inventory can enable plant operators to discover and terminate internet connections that pose dangers to industrial control systems.
Water utilities could also consider removing the threat to their OT assets by keeping them strictly airgapped. Alternatively, utilities wishing to enable OT-IT integration safely can use unidirectional security gateways to ensure that while valuable data can flow from industrial control systems to outside networks, IT data is blocked from ever reaching the sensitive OT.
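As an added illustration of the two recommendations above, the asset inventory and the one-way OT-to-IT flow model, the script below audits a constructed asset list and rule set. It is example code written for this page, not from the article or any vendor it names; the asset names, zones, ports and the reachability flags are assumptions.

```python
# Audit a constructed OT/IT inventory and its flow rules (hypothetical data, not from
# the article or any vendor): flag ICS devices reachable from the internet and
# allow-rules that carry non-OT traffic into the OT zone.
from dataclasses import dataclass

# Well-known ICS protocol ports, used only to label what an exposed asset speaks
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str                 # "OT" or "IT"
    ip: str
    listening_ports: tuple    # TCP ports the device answers on
    internet_reachable: bool  # inventory says a route/NAT exists to the public internet


@dataclass(frozen=True)
class FlowRule:
    src_zone: str   # "OT", "IT" or "INTERNET"
    dst_zone: str
    dst_port: int
    action: str     # "allow" or "deny"


def find_exposed_ics(assets):
    """OT assets that speak an ICS protocol and are internet-reachable: the connections the inventory step exists to find and terminate."""
    return [(a.name, ICS_PORTS[p]) for a in assets
            if a.zone == "OT" and a.internet_reachable
            for p in a.listening_ports if p in ICS_PORTS]


def find_inbound_ot_rules(rules):
    """Allow-rules from any non-OT zone into OT; under an OT-to-IT-only design each one is a violation."""
    return [r for r in rules
            if r.action == "allow" and r.dst_zone == "OT" and r.src_zone != "OT"]


# Constructed sample inventory and rule set
SAMPLE_ASSETS = [
    Asset("chlorine-dosing-plc", "OT", "10.20.1.10", (502,), True),
    Asset("pump-station-rtu", "OT", "10.20.1.20", (20000,), False),
    Asset("historian", "IT", "10.10.5.5", (1433,), True),
]
SAMPLE_RULES = [
    FlowRule("OT", "IT", 1433, "allow"),    # historian replication: permitted direction
    FlowRule("IT", "OT", 502, "allow"),     # remote-support path into the PLC: flagged
    FlowRule("INTERNET", "OT", 22, "deny"),
]

if __name__ == "__main__":
    for name, proto in find_exposed_ics(SAMPLE_ASSETS):
        print(f"EXPOSED: {name} answers {proto} and is internet-reachable")
    for r in find_inbound_ot_rules(SAMPLE_RULES):
        print(f"INBOUND-TO-OT: {r.src_zone} -> OT port {r.dst_port} is allowed")
```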
Fourth, water utilities – especially smaller water utilities where an IT manager may frequently provide remote support – can implement so-called secure access service edge (SASE) systems from companies that make accessing private apps simple and secure.
Finally, as information security professionals constantly repeat, simply using proper cybersecurity hygiene can go a long way toward making any organization more secure.
This includes using two-factor authentication, frequently changing passwords, backing up your data, keeping software updated – including adding patches where necessary – and implementing cybersecurity training programs for employees.
Indeed, while it’s natural to think of cybersecurity threats as technical challenges that can be defeated by even better technical solutions, the number of attacks that could be thwarted simply by training employees not to click on links or attachments of unknown origins is massive. To be clear, even implementing all these steps isn’t a panacea, and determined hackers can still breach even the best defenses. Taking these steps, however, will still go a long way toward keeping our precious water resources from becoming the vector for a catastrophe.
Luckily, Israel possesses a number of cybersecurity firms that can help keep water infrastructure secure:
SIGA OT – Supervisory control and data acquisition (SCADA) systems are used in critical infrastructure and industrial processes. SIGA’s proprietary, device-based solution provides early warning in the event of an anomaly, whether caused by a cyberattack or a system malfunction. SIGA’s product is unique in relying on electrical signals taken directly from the source to detect anomalies. The Israel Water Authority has selected SIGA to monitor Israel’s water infrastructure – a strong endorsement of its technology.
Waterfall Security – Waterfall Security Solutions develops industrial cybersecurity solutions. Based on Waterfall’s Unidirectional Security Gateway technology, the company’s products offer an alternative to firewalls. Its solutions enable safe and reliable IT/OT integration, data sharing, cloud services, and all required connectivity for industrial control systems and critical infrastructures.
IXDen – IXDen’s software-based approach to OT system protection covers Industrial IoT cybersecurity and sensor data integrity. Leveraging patented biometric IoT device identity and multifactor authentication, IXDen achieves sensor data integrity at the sensor level while providing at-the-source threat detection. IXDen leverages proprietary behavioral and mathematical algorithms, statistical analysis, machine learning, and artificial intelligence to model the behavior of various industrial physical systems, attaining a deep understanding of the device data, software, and hardware. The solution provides data veracity and device security without any hardware or security keys stored on the device.
Claroty – Claroty was conceived to secure the safety and reliability of industrial control networks. The Claroty platform is an integrated set of cybersecurity products that provide extreme visibility, unmatched cyber-threat detection, secure remote access, and risk assessments for industrial control networks (ICS/OT).
NanoLock – NanoLock Security protects the operational integrity of connected devices and machines against both cyber events and human errors in order to maintain business continuity and safeguard revenues. NanoLock is a zero-trust, device-level solution that prevents outsider, insider, and supply-chain attacks as well as human errors, regardless of the attack origin, cyber event, or exploited vulnerability. It accomplishes all this without affecting the device or machine’s functionality and performance, with near-zero resource consumption, and with compatibility across both legacy and new devices and machines.
Sepio Cyber – Sepio Prime provides security teams with full visibility into their hardware assets and their behavior in real time. A comprehensive policy-enforcement module allows administrators to easily define granular device usage rules and continuously monitor and protect their infrastructure. Leveraging a combination of physical fingerprinting technology and device behavior analytics, Sepio’s software-only solution offers instant detection and response to any threat or breach attempt coming from a manipulated or infected element.