In 2023, the potential for sabotage continues to loom large for the water environment. Scroll through recent headlines and you’ll read multiple accounts of breaches in computer and SCADA (supervisory control and data acquisition) networks.
According to the Cybersecurity and Infrastructure Security Agency (CISA), both water supply and wastewater management are:
“… so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
Cybersecurity and the U.S. Water Supply
This growing problem is such a concern that earlier this year the U.S. Environmental Protection Agency (EPA) released a memorandum that essentially urged public water systems to implement more robust cybersecurity programs. The memo also recommended that cybersecurity be included as a best practice for water utility auditing.
Of course, these same recommendations hold true for wastewater treatment facilities and the protection of their networks, devices, and data.
Cloud platforms, remote monitoring, and smart detection devices are helping better protect our nation’s water supply. Yet, despite the benefits of these advanced operational technologies, there are some potential security risks—risks that must be addressed in order to secure networks and keep water and wastewater operations safe.
Malicious Cyber Activity in Water and Wastewater Systems
Treatment plant shutdowns, locked networks, and disabled monitoring are just a few of the many examples of what can happen if a cyberattack occurs at a water utility or wastewater treatment plant.
Here’s a high-level recap of some recent malicious ransomware attacks on water and wastewater treatment systems, as reported by CISA:
When: August 2021
Where: California-based WWS facility
The ransomware variant had been in the system about a month before it was discovered via a SCADA message.
When: July 2021
Where: Maine-based WWS facility
Attackers gained access to the SCADA and introduced ransomware, forcing the organization to run a manual system until the SCADA could be restored.
What: Ransomware via remote access
When: March 2021
Where: Nevada-based WWS facility
Cybercriminals introduced ransomware into both the SCADA and backup systems.
So, what can be done to mitigate risks of a compromised system?
In fact, we’ve written on the topic of cybersecurity many times, offering resources and action steps that can help you take control. This article in particular outlines cybersecurity best practices within the context of why and how MSA FieldServer™ is committed to regularly strengthening security.
If you’d like to know how this information applies to your security strategy, we invite you to join us at WEFTEC 2023, October 2-4, 2023 in Chicago. Stop by Booth #1822 to say “hello,” talk cybersecurity, and learn more about intelligent automation and control, as well as secure remote monitoring.
In the meantime, keep reading for three specific things you can do right now to help mitigate potential vulnerabilities.
3 Tips for Preventing Malicious Cyber Activity
1) Add Multifactor Authentication
Multifactor authentication (MFA) is a login process that requires users to present additional credentials beyond merely entering a password in order to access a system. These additional credentials could include answering a secret question or inputting a code that’s been sent via SMS or email.
This deterrent works by adding a layer of difficulty, meaning that if one or both authenticators fail, the user is unable to access the system. Of course, it’s essential that you require users to log in at every turn and that you have a plan in place to revoke access for unauthorized users, including former employees.
2) Increase System Monitoring
Close and careful monitoring of water and wastewater systems is perhaps the best way to detect and thwart suspicious activity.
Suspicious activity could include such things as:
- Unusual alerts or system access
- Unplanned SCADA restarts
- Abnormal changes in system or data parameters
FieldServer gateways connected to the MSA Grid cloud platform let you proactively monitor in real time across multiple locations from wherever you are.
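The three kinds of suspicious activity listed above can be checked mechanically against a site baseline. The Python below is an added example, not MSA or FieldServer code; the log format, host and tag names, addresses, maintenance window, and limits are all constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample events in a hypothetical format: ISO time, event type, key=value fields.
SAMPLE_LOG = """\
2023-09-12T09:14:00 LOGIN user=operator1 src=10.20.0.15
2023-09-12T10:02:00 SETPOINT tag=wet_well_level_ft old=6.0 new=6.5
2023-09-13T02:47:00 LOGIN user=operator1 src=203.0.113.50
2023-09-13T02:51:00 SETPOINT tag=wet_well_level_ft old=6.5 new=14.0
2023-09-13T02:58:00 RESTART host=scada-hmi-1
2023-09-14T01:30:00 RESTART host=scada-hmi-1
"""

# Site baselines; every value here is an assumption made for the example.
TRUSTED_NET = ipaddress.ip_network("10.20.0.0/16")   # control-network range
WORK_HOURS = range(6, 20)                             # 06:00-19:59 local time
MAINTENANCE = [(datetime(2023, 9, 14, 1, 0), datetime(2023, 9, 14, 3, 0))]
LIMITS = {"wet_well_level_ft": (2.0, 12.0, 1.0)}      # tag: (min, max, max step)

def parse(line):
    ts, kind, *pairs = line.split()
    return datetime.fromisoformat(ts), kind, dict(p.split("=", 1) for p in pairs)

def detect(log_text):
    """Return (timestamp, finding) tuples for events that break the baselines."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, kind, f = parse(line)
        if kind == "LOGIN":                      # unusual system access
            if ipaddress.ip_address(f["src"]) not in TRUSTED_NET:
                findings.append((ts, f"login from untrusted source {f['src']}"))
            if ts.hour not in WORK_HOURS:
                findings.append((ts, f"off-hours login by {f['user']}"))
        elif kind == "RESTART":                  # unplanned SCADA restart
            if not any(start <= ts <= end for start, end in MAINTENANCE):
                findings.append((ts, f"unplanned restart of {f['host']}"))
        elif kind == "SETPOINT" and f["tag"] in LIMITS:   # abnormal parameter change
            lo, hi, step = LIMITS[f["tag"]]
            old, new = float(f["old"]), float(f["new"])
            if not lo <= new <= hi:
                findings.append((ts, f"{f['tag']} set out of range: {new}"))
            if abs(new - old) > step:
                findings.append((ts, f"{f['tag']} jumped {old} -> {new}"))
    return findings

if __name__ == "__main__":
    for ts, msg in detect(SAMPLE_LOG):
        print(ts.isoformat(), msg)
```

The restart inside the maintenance window and the daytime login from the control network produce no findings, which is the point of keeping baselines: only deviations reach an operator.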
3) Ensure Device Security
Because communication protocols are among the most vulnerable to attack, it’s essential to keep firmware updated and use devices that are designed with security in mind. Look for manufacturers like FieldServer that employ third-party penetration testing via an ethical hacking team.
Third-party penetration testing can help ensure that vulnerabilities are addressed and that your solutions adhere to the latest cybersecurity standards.
FieldServer Security—Above and Beyond
Reducing the risk of exposure is key to preventing a hack, a breach, or an attack, which is why we recommend the FieldServer Dual Ethernet Port for a better, more secure way to connect your systems.
In addition to enabling secure connections, the Dual Ethernet Port complies with the most stringent Internet of Things (IoT) safety standards and is third-party penetration tested for our gateway hardware and the MSA Grid.
Its unique design reduces the risk of exposure through a variety of security features including a firewall that enables an outgoing connection while blocking incoming ones.