In April this year, the US intelligence community issued a warning that adversarial entities were planning to target the country through cyberspace. States were wielding cyber operations as a means to achieve nefarious goals, including causing destruction and disruption. Just 5 months on, we are already seeing a significant rise in the rate of background cyberattacks as well.
Attacks on critical infrastructure that underpins public services are a problem that governments around the world are trying to manage. The problem is even more pronounced in the US because of the number of adversarial entities targeting critical infrastructure in the country. In addition to over 7 evolved APT groups, there are over 39 documented hacker groups and malware developers working together or in isolation to target critical infrastructure in the US.
Along with power plants and grids, it is the water and wastewater management and treatment industry that is now bearing the brunt of sophisticated and persistent cyberattacks. A mix of existing vulnerabilities, a lack of cyber hygiene practices, and a lack of visibility into network activity are among the key contributing factors.
The infrastructure components most vulnerable to cyberattacks are valve stations, pumping stations, operations control centers, and treatment plant controllers. PLCs and SCADA systems, along with switches and HMIs, are the specific components that are vulnerable. Newly added devices that manage pumps, and IoT devices that monitor flow and pressure, are also vulnerable.
Securing water and wastewater facilities
Securing these facilities needs a multi-phase defense-in-depth approach that addresses vulnerabilities, detects rogue or unauthorized devices, shrinks the threat surface, and prevents lateral movement of malware. Defense-in-depth involves fortifying the infrastructure at several levels, including intrusion detection, vulnerability scanning, micro-segmentation, and threat lifecycle management.
To detect cyberattacks, plant operators need rich, contextual threat intelligence. Each of these measures helps deter attackers and minimize threats to plant personnel and assets.
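As an added illustration (not code from the original article), the script below shows how two of the defense-in-depth layers mentioned above, rogue-device detection and micro-segmentation enforcement between HMI, PLC and IoT zones, can be applied to OT flow records; the asset inventory, zone names, ports and flow records are all constructed for this example.

```python
# Added example: check OT flow records against an asset inventory and a
# micro-segmentation policy to flag rogue devices and lateral movement.
# All addresses, zones and flows below are constructed, not from any real plant.
from dataclasses import dataclass

# Constructed asset inventory for a small treatment plant: IP -> (name, zone)
INVENTORY = {
    "10.10.1.10": ("hmi-control-room", "hmi"),
    "10.10.1.11": ("scada-historian", "hmi"),
    "10.10.2.20": ("plc-pump-station-1", "plc"),
    "10.10.2.21": ("plc-valve-station-3", "plc"),
    "10.10.3.30": ("flow-sensor-gateway", "iot"),
}

# Micro-segmentation policy: (source zone, destination zone, dst port) tuples
# that are permitted to cross a zone boundary. Everything else is denied.
POLICY = {
    ("hmi", "plc", 502),   # Modbus/TCP from HMIs to PLCs only
    ("iot", "hmi", 8883),  # sensor gateway publishes telemetry to the historian (MQTT/TLS)
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone_of(ip: str) -> str:
    """Zone from the inventory, or 'unknown' for an unlisted device."""
    return INVENTORY.get(ip, ("", "unknown"))[1]

def evaluate(flow: Flow) -> list:
    """Return alert strings for one flow record; an empty list means allowed."""
    alerts = [f"ROGUE_DEVICE {ip} not in asset inventory"
              for ip in (flow.src, flow.dst) if ip not in INVENTORY]
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    # Intra-zone traffic is left to host-level controls in this example.
    if src_zone != dst_zone and (src_zone, dst_zone, flow.dport) not in POLICY:
        alerts.append(f"SEGMENTATION_VIOLATION {src_zone}->{dst_zone}:{flow.dport} from {flow.src}")
    return alerts

def analyse(flows) -> list:
    """Return [(flow, alerts)] for every flow that raised at least one alert."""
    return [(f, evaluate(f)) for f in flows if evaluate(f)]

# Constructed sample flows: one legitimate HMI write, one sensor gateway
# speaking Modbus to a PLC (lateral movement), one unlisted host, one SSH attempt.
SAMPLE_FLOWS = [
    Flow("10.10.1.10", "10.10.2.20", 502),
    Flow("10.10.3.30", "10.10.2.20", 502),
    Flow("10.10.9.99", "10.10.2.21", 502),
    Flow("10.10.1.11", "10.10.2.20", 22),
]

if __name__ == "__main__":
    for flow, alerts in analyse(SAMPLE_FLOWS):
        print(flow, *alerts, sep="\n  ")
```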
Plant operators also need to invest in training their employees so that phishing attacks do not succeed. Defense-in-depth also requires visibility into supply chains to ensure their integrity.
Finally, by adopting a zero-trust framework, plant operators can prevent unauthorized activity.