The Need for Better Cybersecurity
With many cities jumping on the smart city bandwagon, few are stopping to think about the implications of security breaches, especially within the water and wastewater sector.
Ransomware on computers can impact operations through the loss of systems or data, but incidents involving SCADA systems can have much more severe consequences. The City of Oldsmar incident showed how easy it can be for a malicious actor to make modifications, such as adjusting the sodium hydroxide to a level that would be toxic to people. Past events like this show that cybersecurity incidents at water treatment facilities have the potential to cause serious harm to the public. They can also result in significant damage to the plant, major outages, harm to the environment, serious regulatory actions, and major negative publicity.
Common Causes of Cyberattacks
Cybersecurity incidents aren’t always caused by specialist hackers trying to disrupt society. In reality, rural systems are much more likely to experience an incident through other causes. The following is the list of likely causes, in priority order:
- Mistake made by authorized employee or contractor
- Current or former disgruntled employee or contractor seeking revenge
- Ransomware attack from organized crime or random individual
- Targeted attack from nation state
Basic Cybersecurity Recommendations for Water Sector
Some of the basic actions that can reduce the likelihood of a cybersecurity incident within the water or wastewater sectors include the following:
- Remove Insecure Remote Access: SCADA servers and HMIs should not be using remote access software such as TeamViewer, LogMeIn, Parallels Access, etc. Authorized users should only be able to access your SCADA resources through secure channels involving multiple layers of protection.
- Vulnerability Scanning & Penetration Tests: CISA’s Vulnerability Scanning is a free service that continuously assesses the health of your internet-accessible assets by checking for known vulnerabilities, weak configurations—or configuration errors—and suboptimal security practices. Once those findings have been remediated, we then recommend getting a penetration test performed with a purple team focus.
- Training & Awareness: Employees and contractors should be aware of the cybersecurity risks that exist, and the actions that they need to take to contribute to the mitigation of these risks. Red Trident offers a Prevention Training that includes general education, skill development, blue team preparedness, incident response preparedness, and other courses to ensure your organization has the right skills.
- Secure User Accounts: Tools such as Keeper and 1Password can be beneficial to make sure credentials are unique, strong and haven’t been leaked on the dark web.
- Proper Offboarding Processes: Since disgruntled former employees can pose a large risk, it’s vital to make sure you have a well-documented offboarding process. It’s important to lay out who is in charge of each step, such as collecting devices, removing access, etc.
Water Sector Threat Categories
EPA has grouped cyber-attacks on water utilities into two threat categories. One is cyber-attack on business enterprise systems, which includes computer-based communications, financial, data and record keeping, and other related systems. The second is cyber-attack on process control systems, which includes electronic monitoring and control systems used for water collection, treatment, storage, and distribution across the utility. The image below is from epa.gov.
How Red Trident Can Help
Red Trident is very experienced in the water and wastewater treatment sectors. We’re one of the few OT cybersecurity companies that not only provides services like cybersecurity assessments, but we also offer remediation services and can help solve any issues that are outside of your team’s expertise.
Why Red Trident
We work with you and do our best to be your cybersecurity partner. We listen to your concerns and make sure that we’re aligned with your business priorities. We don’t just come in, sell a service, write a report and walk away. We’re here for you. We explain our findings, answer any questions you might have and work with you to help where needed.
Unlike most ICS cybersecurity companies, we have the expertise to offer remediation services, especially when it comes to critical infrastructure. And if you have your own team, that’s great! We’re happy to take a step back as your team handles the remediation (or parts of it). We can also provide training to your team if they need some assistance. We’re flexible.
Our team consists of leaders in the ICS field with decades of combined experience in the public sector, private sector, and military. We’ve presented at major security conferences such as DEF CON, Black Hat, various ISACs, SANS ICS Summits, etc. We also understand how to communicate in a way that is easy to understand so you don’t end up feeling overwhelmed or confused.