Lessons from successful cyber attacks
A successful cyber attack involved Queensland’s Sunwater, a water supplier targeted in a nine-month-long breach. The breach, occurring between August 2020 and May 2021, exploited vulnerabilities in an older system version, granting unauthorised access to customer information stored on their web server. While the hackers didn’t compromise financial or customer data, they left behind suspicious files, redirecting visitor traffic to an online platform.
The subsequent Water 2021 report underscored the importance of immediate action to rectify ongoing security weaknesses, emphasising software updates, stronger passwords, and vigilant network traffic monitoring as crucial safeguards.
In another notable case, the LockerGoga ransomware group inflicted significant damage upon Norsk Hydro. Norsk Hydro was forced to shut down multiple production facilities, impacting 35,000 employees across 40 countries and resulting in approximately $71 million in financial losses. The cyberattack stemmed from an employee unknowingly opening an infected email three months prior.
Norsk Hydro’s response, however, garnered accolades. The company chose not to pay the ransom, instead engaging with Microsoft’s cybersecurity team to restore operations and remaining committed to transparency throughout the ordeal. As Torstein Gimnes, Corporate Information Security Officer, emphasised: “You need to rebuild your infrastructure to be safe and be sure that the attacker is not still part of it.”
An immediate IT shutdown was implemented to prevent further spread, and only trusted backups facilitated by Microsoft’s team were used. Following the attack, a commitment to employee training, multi-factor authentication, regular updates, and resilient backup solutions was introduced to bolster security.
Mitigate cyber risks
1. Safeguard data
Ensuring data security encompasses data encryption and authentication protocols, coupled with monitoring and restricting physical access to facilities. While firewalls and VPNs serve as effective safeguards when data traverses public internet infrastructure, companies can mitigate these risks entirely with the deployment of private lines or a secure private satellite network like TSAT – designed specifically for SCADA data.
In addition, as mentioned above, recent trends show organisations gravitating toward a unified data stream for both IT and OT. Companies wishing to do this must ensure they have appropriate control system boundary protection to prevent unauthorised access, for example, SD-WAN coupled with a next-generation firewall.
2. Secure physical access
Physical security measures not only deter potential threats but also serve as the first line of defence against cyberattacks. By strictly limiting and monitoring who can physically access a facility, organisations can significantly reduce the risk of malicious actors gaining direct entry to sensitive systems and data.
Further, when physical access is under surveillance, companies can identify unauthorised access or unusual activity, allowing them to swiftly intervene and halt a hacker’s progress.
3. Prioritise firmware and software updates
Software and firmware updates are essential tools in addressing known vulnerabilities, strengthening system resilience, and ensuring the integrity of critical software components. By regularly applying updates, organisations stay ahead of cyber threats that often exploit outdated software to breach systems and steal sensitive information.
Firmware updates for hardware devices, on the other hand, enhance device functionality and bolster security by patching potential vulnerabilities. Emphasising the importance of prompt updates and establishing a structured update management process is key. If your dam or hydropower facility is in a remote, unmanned location, ensure that you have the ability to remotely protect your infrastructure with over-the-air (OTA) firmware updates.
4. Staff training
Human errors often open the door to cyber incidents, so it’s crucial organisations equip their employees with the latest cybersecurity knowledge. Early detection and response, facilitated by well-informed and vigilant employees, can prove instrumental in preventing breaches. A prime example is a vigilant staff member who thwarted an attempt to tamper with sodium hydroxide levels in Florida’s water supply last year.
Moreover, robust incident response plans are essential. Employees must know how to contain incidents, restore systems, and investigate root causes. Ultimately, organisations need to be confident that if their facility does experience a cyber attack, staff can react efficiently and effectively. Continuous training, workshops, webinars, and the cultivation of a security-conscious culture enhance cybersecurity resilience. They also promote information sharing among peers, strengthening collective efforts to combat cyber threats.
5. Redundancy and backup
Redundancy and backup systems serve as critical safeguards against unforeseen vulnerabilities and disruptions within network infrastructure. By creating duplicate or alternative pathways for data transmission and network operations, redundancy measures ensure that even if a primary system or connection fails, there’s an immediate and seamless switch to a secondary, secure option. This not only mitigates the risk of single points of failure but also enhances the overall reliability of the system.
One of our largest clients has satellite implemented as their third connectivity failover (cellular first, fibre second). Their satellite setup hasn’t failed once in 27 years and is the system they consider the most reliable. With the hydropower and dam sector increasingly reliant on interconnected digital systems, redundancy and backup solutions stand as formidable defences, ensuring continuous operations and protecting against potential cyber threats and disruptions.