Water and wastewater treatment plants are in significant danger from threat actors around the globe, who are rapidly increasing their efforts to monetize, disable, and destabilize plant operations across vital OT and ICS deployments.
This looming threat has caught the attention of four major federal entities in the USA (FBI, NSA, CISA, and EPA). These agencies issued a joint statement warning that water and wastewater treatment facilities are in the crosshairs of sophisticated threat actors. To quote: “companies in this sector will continue to face ongoing targeting of their information technology and operating technology (OT and IT) by both known and unknown malicious hacking groups.”
The alert should raise serious concerns, as 2021 had already seen at least three cyberattacks. In one notable attack, hackers targeted the water treatment facility in Oldsmar, Florida. Here the level of sodium hydroxide (NaOH) in the water increased from 100ppm to 11,100ppm, a concentration that makes the water mortally dangerous to drink. The fact that the attack was planned and executed two days before the Super Bowl puts its motives into perspective.
Similar sophisticated attempts were logged on OT-IT, IoT, SCADA, and ICS deployments as early as October, using sophisticated ransomware and spearphishing campaigns and exploiting vulnerabilities in old or unpatched legacy software. With no end to the attacks in sight and their sophistication rising, we must remain vigilant and not wait until it’s too late.
Join our cybersecurity experts as they discuss these topics in detail and present measures that will help close your cybersecurity gaps in our latest webinar: Cyberattack Prevention for the Water & Wastewater Industry, on November 16th at 1 PM CST.
Securing OT-IT connected networks for water and wastewater treatment facilities
To explain how to secure OT-IT connected networks, we must first meticulously deconstruct the flaws and gaps in your cybersecurity posture, and then evaluate the options that best suit your organization. So, let’s begin with a couple of questions that will give you some clarity.
Are your OT and IT deployments connected to the same network?
In most cases, networks that are connected to or integrated with the OT that controls physical machines present a grave risk: gaining access to one can compromise the other. We at Sectrio have been saying that the blurred lines between OT and IT security are often the most exposed aspect of any given system.
Segmented networks for OT and IT: is it a good idea?
Having the same network for all deployments elevates the cyber risk (as mentioned above), and segmenting your network seems to be a good idea, but is it? Although segmenting your network can bring some clarity, a situation could arise in which the number of connected devices increases exponentially, making it nearly impossible to implement a perfectly segmented network for OT and IT. We all know the saying: any exploit is a complete exploit. [Hint: use micro segmentation]
What is micro segmentation, and how can it help?
By micro segmenting, you can secure SCADA monitoring systems, control systems, ICS, and OT deployments that are connected to a single network, without compromising the existing setup in the process.
Micro segmentation helps in:
- Getting a holistic view of all your connected devices
- Securing the devices and networks against all types of cyberattacks
- Complying with all cybersecurity mandates at the most granular level possible
If you are now thinking of the Purdue model and IEC 62443 (formerly known as ISA-99), then you are right.
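As an added illustration (not Sectrio's code or product behaviour), the sketch below checks observed network flows against a default-deny micro-segmentation policy keyed by Purdue level. The asset names, segments, ports, conduit list and flows are all constructed assumptions for the example.

```python
# Constructed inventory: asset -> (micro-segment, Purdue level). Hypothetical names.
ASSETS = {
    "office-pc":  ("enterprise-it", 4),
    "historian":  ("ops-historian", 3),
    "hmi-01":     ("scada-hmi", 2),
    "hmi-02":     ("scada-hmi", 2),
    "plc-dosing": ("chem-dosing", 1),
    "plc-pump":   ("pump-station", 1),
}

# Default-deny conduits: (source segment, destination segment, destination TCP port).
CONDUITS = {
    ("enterprise-it", "ops-historian", 443),
    ("scada-hmi", "ops-historian", 443),
    ("scada-hmi", "chem-dosing", 502),   # Modbus/TCP from HMI to dosing PLC
    ("scada-hmi", "pump-station", 502),
}

# Constructed observed flows: (source asset, destination asset, destination port).
FLOWS = [
    ("hmi-01", "plc-dosing", 502),
    ("hmi-01", "hmi-02", 5900),
    ("office-pc", "historian", 443),
    ("office-pc", "plc-dosing", 502),
    ("plc-pump", "plc-dosing", 502),
    ("laptop-x", "plc-pump", 502),
]

def check_flow(src, dst, port):
    """Return a verdict for one flow under the default-deny policy."""
    if src not in ASSETS or dst not in ASSETS:
        return "deny-unknown-asset"        # device missing from the inventory
    (src_seg, src_lvl), (dst_seg, dst_lvl) = ASSETS[src], ASSETS[dst]
    if src_seg == dst_seg:
        return "allow-same-segment"
    if (src_seg, dst_seg, port) in CONDUITS:
        return "allow-conduit"
    # Enterprise (level 4+) talking straight to supervisory/control (level 2 or below)
    if max(src_lvl, dst_lvl) >= 4 and min(src_lvl, dst_lvl) <= 2:
        return "deny-it-to-ot-direct"
    return "deny-no-conduit"               # e.g. PLC-to-PLC across segments

def violations(flows):
    """List (flow, verdict) pairs for every flow the policy would block."""
    return [(f, v) for f in flows if (v := check_flow(*f)).startswith("deny")]

if __name__ == "__main__":
    for flow, verdict in violations(FLOWS):
        print(verdict, flow)
```

The pump-station PLC reaching the dosing PLC is denied even though both sit at the same Purdue level, which is the case coarse OT/IT segmentation alone would not catch.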
Threat intelligence and detection to improve and evolve
Cybersecurity does not end with network segmentation, MFA, mitigation tactics, or even threat logging. It’s only the beginning, and you are just getting started!
Rich, contextual cyber threat intelligence goes a long way toward building and optimizing a threat signature handbook from the data you’ve analyzed, so that you can prevent future cyber threats to your organization. To make your day even better, we here at Sectrio are offering a free 15-day threat intelligence feed that can seamlessly integrate into your SOC and SIEM platforms.