Utilities Face Mounting Threats of Cyber Attacks

Remote alarm notification software adds firewall.

By Cody P. Bann

Municipal utilities are critical to national security, economic stability and public health and safety. As technology in these sectors evolves, cyberattackers take advantage of opportunities to exploit vulnerabilities. While the Federal Government has taken steps to address this issue by creating innovative public-private partnerships and initiatives, the worldwide attacks on municipal utilities in the past year have virtually doubled. Due to the geopolitical unrest, cyberattacks have become such a threat that, as recently as last month, President Biden urged private sector partners to immediately harden cyber defenses.  

Remote Alarm Notification Software Offers Additional Security

A report by the American Water Works Association (AWWA), Cybersecurity Risk & Responsibility in the Water Sector, states that “…Failing to address cybersecurity risk in a proactive way can have devastating results. Failing to take reasonable measures and employ best practices to prevent, detect and swiftly respond to cyber-attacks means that organizations and the people who run them will face greater damage—including technical, operational, financial and reputational harm—when the cyberattacks do occur.”

Utilities face myriad challenges in managing cyber risk because their infrastructure varies and the entities involved differ vastly in size, capabilities, resources and type of ownership. However, turning to additional technology is one answer.

Although replacing legacy systems and networks can be extremely costly, it is essential to work with vendors and cybersecurity experts to implement updates and, if necessary, overhauls of outdated systems. Invoke the help of internal or external advisors to prioritize risks, and develop a realistic approach and plan for enhancing cybersecurity. At a minimum, utilities must comply with basic standards including restricted physical and technical access, firewalls, logging and encryption.

Many SCADA systems are simply over-exposed to the internet by remote desktop applications (e.g. RDP and TeamViewer). In an attempt to offer process and asset information to operators, organizations have provided much more, ignoring the principle of least privilege and opening their entire control systems and their hosts to remote desktop access by unnecessary parties. Such broad remote access techniques present an increased security risk for organizations, a risk that Oldsmar experienced firsthand when an improperly secured TeamViewer application allowed an unauthorized party to increase the amount of sodium hydroxide being added to their water treatment process.  


Advanced remote alarm notification software allows remote operators access to only the information they need from SCADA but not access to the SCADA itself or its operating system host. Such notification software is compatible with more secure, layered networks in which a series of firewalls provide added protection from attacks. This is done by deploying notification solutions alongside the SCADA system at the network’s control level and using notification modalities that are not internet facing or distributing internet-facing notification processes to higher levels. For example, internal email servers, SMS modems and voice via PBX devices allow communication with the outside world without internet exposure. Likewise, distributing the processes that interface with SCADA from those that interface with external email servers, VoIP solutions and cloud apps allows internet-based notifications without compromising security.
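As an added illustration (not code from the article or from WIN-911), the Python sketch below models the two-stage separation described above: a control-level exporter that emits only a read-only alarm record, and a higher-level notifier that accepts nothing but that record, so no command-like data can travel in either direction through the notification path. The field names, the sample event and the recipient number are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Only these fields may leave the control level (assumed schema).
ALARM_FIELDS = ("tag", "state", "value", "timestamp")


def export_alarm(scada_event: dict) -> str:
    """Control-level stage, deployed alongside SCADA.

    Reduces a SCADA event to a read-only alarm record. It opens no listening
    socket and only hands a JSON string upward, so the SCADA host itself is
    never reachable from the notification side. Any write-back or setpoint
    keys present in the event are simply dropped here.
    """
    alarm = {k: scada_event[k] for k in ALARM_FIELDS if k in scada_event}
    if "tag" not in alarm or "state" not in alarm:
        raise ValueError("alarm record must carry at least tag and state")
    alarm.setdefault("timestamp", datetime.now(timezone.utc).isoformat())
    return json.dumps(alarm, sort_keys=True)


def build_notification(payload: str, recipients: list) -> dict:
    """Higher-level stage, which may be internet facing (email, VoIP, cloud).

    Validates the record against the allow-list before formatting it for
    SMS or email. A record carrying anything beyond the allow-listed alarm
    fields is refused rather than forwarded.
    """
    record = json.loads(payload)
    unexpected = set(record) - set(ALARM_FIELDS)
    if unexpected:
        raise ValueError(f"rejected record with unexpected keys: {sorted(unexpected)}")
    text = f"ALARM {record['tag']} {record['state']}"
    if "value" in record:
        text += f" value={record['value']}"
    return {"to": list(recipients), "text": text, "at": record.get("timestamp")}


# Constructed sample: an alarm event that also carries a setpoint field,
# which the exporter must strip so it never reaches the notifier.
SAMPLE_EVENT = {
    "tag": "NaOH_DOSING_PUMP_1",
    "state": "HIGH",
    "value": 11.2,
    "timestamp": "2022-03-01T00:00:00+00:00",
    "setpoint": 99,
}
```

Notice that there is deliberately no function that carries a recipient's reply back toward the exporter: the notification path is one-way by construction.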

Of course, there are valid use cases for desktop sharing software that do not violate PoLP and go well beyond operator access to process information. For such systems it’s critical that the remote desktop solutions be implemented with sound security.

There are several steps that utilities should take to improve their cybersecurity: update any software to the latest version; deploy multi-factor authentication; use strong passwords to protect remote desktop protocol credentials; and ensure anti-virus systems, spam filters and firewalls are up to date, properly configured and secure.

Utilities should also take steps to secure any remote access software. They should not use unattended access features, and IT leaders should configure the software so that the application and its associated background services are stopped when not in use. Integrating remote alarm notification software with the SCADA system is critical to further reducing exposure to cyberattacks.

The New Normal

According to McKinsey & Company’s report, Critical resilience: Adapting infrastructure to repel cyber threats, cyberattacks should be thought of as a certainty akin to the forces of nature. Just as engineers must consider the heaviest rains that a dam may need to contain in the next century… Those digitizing infrastructure must plan for the worst in considering how an attacker might abuse or exploit systems that enable infrastructure monitoring and control. This shift in thinking will begin to lay the path to connected infrastructure that is resilient by design.

Cody Bann is director of engineering at WIN-911. He can be reached at cody.bann@win911.com.