A ransomware gang recently infiltrated a water company, and critical infrastructure providers need to take lessons from it to avoid potentially catastrophic consequences.
Cyber attacks don't just affect the virtual world: they can have concerning real-world consequences for everyone, and a recent incident seemingly involving a near miss has demonstrated just how disruptive they can be.
Crucially, despite claims by the Clop ransomware group that they had access to industrial systems that control chemicals in the water, the company said this wasn't the case and a government statement said there was no impact on South Staffordshire Water's ability to safely supply drinking water.
It's still unclear how the situation was resolved, but the attack raises a worrying question: what would've happened if cyber criminals had managed to encrypt the networks that control water supplies?
For starters, it's a particularly bad time for something like this to happen: drought has been declared in many areas of the UK following months of heatwaves, and a restriction to the water supply could've made things much worse.
Then there's the prospect of what might have happened if cyber criminals really were able to change the chemical balance of the water. In this case, it's unclear if they would've had the power to do so – but it's not a theoretical form of cyber attack, because hackers have already demonstrated they can do this.
"We can limit both the likelihood and impact of these threats by: safeguarding our networks, considering the way they are technically structured and who has access to them," says advice from the National Cyber Security Centre (NCSC), which warns that an attack could result in "major detrimental impact on the availability, delivery or integrity of essential services, leading to severe economic or social consequences or to loss of life."
Many of the security measures required to protect networks – and people – from the consequences of attacks, which could be significant, are among the most commonly recommended and often simplest practices.
Cybersecurity can become more complex for critical infrastructure, particularly when dealing with older systems, which is why it's vital that those running them know their own network, what's connected to it and who has access. Taking all of this into account, providing access only when necessary, can keep networks locked down.
In some cases, that might mean ensuring older systems aren't connected to the outside internet at all, but rather on a separate, air-gapped network, preferably offline. It might make some processes more inconvenient to manage, but it's better than the alternative should a network be breached.
Incidents like the South Staffordshire Water attack and the Florida water incident show that cyber criminals are targeting critical infrastructure more and more. Action needs to be taken sooner rather than later to prevent potentially disastrous consequences not just for organizations, but for people too.
Source - Danny Palmer – 21 August 2022 - ZDNet