
October 4, 2023

Enhancing cybersecurity for hydropower and dam facilities

For decades, dams and hydropower facilities have been prime targets, with a historical backdrop that traces back to wartime conflicts. During World War II, the British Royal Air Force assembled a squadron of pilots famously known as the Dambusters. Their objective was to dismantle critical dams in Germany, recognized as optimal targets due to their potential to severely disrupt water and power supplies.

However, as of 2023, the landscape has evolved significantly. The projected global cost of cybercrime is expected to skyrocket to $8 trillion. Given the substantial value of data and the potential for far-reaching disruption, energy and utility companies remain high-priority targets.

In today’s context, the hydropower and dam industries, much like many other sectors, find themselves at a pivotal juncture where innovation and cybersecurity intersect. Even a seemingly minor error, such as untimely dam operations, could unleash chaos on nearby communities, severely disrupting supply chains and causing extensive damage to neighboring regions.

Varieties of Cyber Threats: State-sponsored and Hobbyist

Cyber threats can broadly be categorized into two main types. The first category comprises state-sponsored cyber attacks, meticulously planned and financially supported by governments or nation-states. Russia and China in particular have gained huge notoriety in their persistent targeting of critical infrastructure, financial services, aerospace and defense. The move towards targeting energy companies and utilities is relatively recent, and has prompted renewed focus on the problem.

The second category involves attacks by hobbyist hackers, primarily driven by either monetary gains or a desire to cause mischief. A glaring instance is the Colonial Pipeline attack, where the company paid the hacker group known as DarkSide 75 bitcoins (equivalent to $4.4 million) to obtain a decryption key, allowing the company’s IT team to regain control of its systems.

Heightened Infrastructure Complexity and Emerging Vulnerabilities in Hydropower and Dam Facilities

The growing integration of Internet of Things (IoT) devices and sensors in the hydropower and dam sector has significantly increased infrastructure complexity, resulting in heightened vulnerabilities for several key reasons:

  1. Expanding attack surfaces: With every device linked to the network becoming a potential target, the proliferation of IoT devices and sensors widens the range for potential cyber-attacks.
  2. Device security challenges: The substantial volume and remote locations of IoT devices make it challenging to ensure regular updates to firmware and software. Additionally, their dispersed locations increase the risk of theft and tampering.
  3. Lack of standardization: Different manufacturers implement varying levels of security measures, making it difficult to establish consistent security practices across all devices due to the absence of standardization.
  4. Legacy systems vulnerabilities: Many critical infrastructure systems still rely on outdated, legacy technology that was not initially designed with modern cybersecurity standards. These outdated systems are more susceptible to cyber-attacks.
  5. Interoperability hurdles: Achieving seamless interoperability among different IoT devices and systems poses challenges. This may necessitate security compromises to facilitate connectivity, potentially undermining overall security.
  6. Network visibility challenges: Depending on the network’s connectivity and device dispersion, obtaining a comprehensive view can be challenging. This impedes the ability to detect and respond to cyber-attacks effectively.
  7. Data privacy concerns: IoT devices frequently collect and transmit sensitive data. Insufficient data protection measures can result in data breaches, compromising privacy and offering valuable information to potential attackers.


The Convergence of Operational and Information Technology

Historically, operational technology (OT) and information technology (IT) data streams were kept separate, ensuring OT systems remained ‘air-gapped’ from the internet and were thereby minimally susceptible to hacking risks. However, as technology integrates OT and IT, it presents both advantages and risks. The advantages are abundant; merging SCADA data with systems managing physical infrastructure allows for autonomous performance optimization.

Yet, given that OT systems have not historically been prime targets, they often lack robust security measures. Passwords frequently remain set to default character strings, remote monitoring for suspicious activities is often absent, and patches are not implemented as regularly as required.
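The three hygiene gaps named above (default credentials, no remote monitoring, irregular patching) are easy to audit once an OT asset inventory exists. The following script is an added example, not code from the original post or from Ground Control: it walks a constructed inventory of hypothetical devices and emits a finding for each gap. The device records, model names and default-credential digests are all constructed placeholders, and the 90-day patch threshold is an assumed local policy.

```python
"""Added example: audit a constructed OT inventory for the hygiene gaps the text names."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date

# Constructed placeholders: vendor defaults are held only as SHA-256 digests of
# "model:username:password" so the audit script never carries plaintext defaults.
# These are NOT real vendor defaults.
DEFAULT_CREDENTIAL_DIGESTS = {
    hashlib.sha256(b"hypothetical-plc:admin:admin").hexdigest(),
    hashlib.sha256(b"hypothetical-rtu:operator:operator").hexdigest(),
}

MAX_PATCH_AGE_DAYS = 90  # assumption: local patch-cadence policy


@dataclass
class Device:
    name: str
    model: str          # hypothetical model identifier
    username: str
    password: str       # in a real audit this would be a vault/credential check, not plaintext
    monitored: bool     # is the device forwarding logs/telemetry to the monitoring team?
    last_patched: date


@dataclass
class Finding:
    device: str
    issue: str
    severity: str


def credential_digest(model: str, username: str, password: str) -> str:
    """Digest the credential tuple so it can be compared against the default list."""
    return hashlib.sha256(f"{model}:{username}:{password}".encode()).hexdigest()


def audit(devices: list[Device], today: date) -> list[Finding]:
    """Return one Finding per hygiene gap found on each device."""
    findings: list[Finding] = []
    for d in devices:
        if credential_digest(d.model, d.username, d.password) in DEFAULT_CREDENTIAL_DIGESTS:
            findings.append(Finding(d.name, "default credentials still in use", "high"))
        if not d.monitored:
            findings.append(Finding(d.name, "no remote monitoring / log forwarding", "medium"))
        age_days = (today - d.last_patched).days
        if age_days > MAX_PATCH_AGE_DAYS:
            findings.append(Finding(d.name, f"last patched {age_days} days ago", "medium"))
    return findings


# Constructed sample inventory (hypothetical device names, models and credentials).
SAMPLE_INVENTORY = [
    Device("spillway-plc-1", "hypothetical-plc", "admin", "admin", monitored=False,
           last_patched=date(2023, 1, 10)),
    Device("intake-rtu-2", "hypothetical-rtu", "operator", "Xk9!v2qL", monitored=True,
           last_patched=date(2023, 9, 20)),
    Device("turbine-hmi-3", "hypothetical-hmi", "ops", "ops", monitored=True,
           last_patched=date(2023, 3, 1)),
]
AUDIT_DATE = date(2023, 10, 4)  # constructed audit date


def run_audit() -> list[Finding]:
    """Run the audit over the constructed inventory."""
    return audit(SAMPLE_INVENTORY, AUDIT_DATE)


if __name__ == "__main__":
    for f in run_audit():
        print(f"[{f.severity}] {f.device}: {f.issue}")
```

Running it reports three findings for the unmonitored PLC that still uses its default login and was last patched in January, one stale-patch finding for the HMI, and nothing for the RTU. In practice the inventory would come from an asset-management system and the credential check from a vault or a configuration export rather than plaintext fields.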

In this evolving landscape, it becomes imperative for security teams to recognize these vulnerabilities and proactively take measures to mitigate them, ensuring the protection of critical infrastructure within the hydropower and dam sector.

Insights Gained from Successful Cyber Attacks

A notable cyber attack unfolded involving Queensland’s Sunwater, a water supplier targeted in a nine-month-long breach. This breach, spanning from August 2020 to May 2021, exploited vulnerabilities present in an older system version, allowing unauthorized access to customer information stored on their web server. While the hackers did not compromise financial or customer data, they did leave behind suspicious files, redirecting visitor traffic to an online platform.

The subsequent Water 2021 report underscored the critical importance of swift action in addressing persistent security vulnerabilities. It emphasized the significance of software updates, robust passwords, and diligent monitoring of network traffic as vital protective measures.

[Image: Fairbairn Dam in Central Queensland]

In another significant incident, the LockerGoga ransomware group inflicted substantial harm on Norsk Hydro. The attack forced Norsk Hydro to halt operations in multiple production facilities, affecting 35,000 employees across 40 countries and resulting in financial losses of around $71 million. The cyberattack originated from an employee unwittingly opening an infected email three months prior.

However, Norsk Hydro’s response was commendable. Instead of succumbing to the ransom demands, the company collaborated with Microsoft’s cybersecurity team to restore operations and maintained a commitment to transparency throughout the crisis. Torstein Gimnes, Corporate Information Security Officer, emphasized the need to rebuild infrastructure to ensure safety and eliminate potential attacker presence.

An immediate IT shutdown was initiated to halt further proliferation, and only trusted backups facilitated by Microsoft’s team were utilized. Post-attack, a focus was placed on employee training, implementing multi-factor authentication, regular updates, and resilient backup solutions to enhance security.

These cyber attacks underscore the necessity of proactive measures and resilience in the face of evolving threats. Most importantly, they emphasize the value of collaboration and knowledge sharing among industry peers. As Eric Doerr, General Manager of the Microsoft Security Response Center, articulates, “When companies engage in this collaborative effort, it elevates the collective defense and compels attackers to work harder.”

Securing Vital Elements in Hydropower and Dam Infrastructure

Securing crucial components within hydropower and dam facilities against cyber threats requires a methodical approach. Initially, it’s vital to evaluate cyber risks by identifying the key assets within the facility or network.

Subsequently, a thorough analysis of potential threats, such as data breaches and malware attacks, should be conducted for these critical assets. To effectively allocate resources, it’s imperative to prioritize these risks based on their likelihood and potential impact, allowing for a focused and targeted security strategy.

From there, we look at mitigation.

1. Protect Data Integrity

An integral aspect of security involves safeguarding data through encryption, authentication protocols, and stringent control over physical facility access. Utilizing firewalls and VPNs can be effective in securing data during transmission over public internet infrastructure.

However, to mitigate risks more comprehensively, companies can opt for private lines or dedicated secure satellite networks like TSAT, tailor-made for securing SCADA data.

Furthermore, contemporary trends indicate a shift towards a unified data stream for both IT and OT. Organizations pursuing this integration must implement robust control system boundary protection measures to thwart unauthorized access. This can include employing technologies such as SD-WAN in conjunction with next-generation firewalls to maintain secure data boundaries.

[Image: safeguarding data diagram]
[Image: enhance physical security]

2. Enhance Physical Security

Robust physical security measures not only act as a deterrent to potential threats but also represent the initial defense against cyberattacks. Stringently controlling and monitoring physical access to facilities substantially minimizes the risk of malicious actors gaining direct entry to sensitive systems and data.

Moreover, implementing surveillance on physical access enables companies to promptly detect unauthorized entry or unusual activities, empowering them to intervene swiftly and halt any progress made by potential hackers.

3. Prioritize Firmware and Software Updates

Regular updates to both software and firmware play a vital role in addressing known vulnerabilities, fortifying system resilience, and upholding the integrity of critical software components. By staying current with updates, organizations proactively mitigate cyber threats that often exploit outdated software to infiltrate systems and compromise sensitive data.

In the case of hardware devices, firmware updates enhance functionality and bolster security by patching potential vulnerabilities. Stressing the significance of timely updates and establishing a structured update management process is crucial. Particularly for remote, unmanned locations of dams or hydropower facilities, ensuring the ability to remotely secure infrastructure through over-the-air (OTA) firmware updates is imperative.
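An OTA update path is only as safe as the checks the device applies before flashing. The following is an added example, not code from the original post or from any vendor: a device-side gate that authenticates the update manifest, verifies the image digest it lists, refuses downgrades, and refuses images built for another model. It uses an HMAC over the manifest with a shared key as a stand-in for the vendor's signature; a real deployment would use an asymmetric signature with the public key burned into the device. All keys, model names and firmware bytes here are constructed.

```python
"""Added example: verify an over-the-air firmware update before applying it."""
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed stand-in for the vendor signing key. In production this would be an
# asymmetric key pair, with only the public half present on the device.
MANIFEST_KEY = b"constructed-demo-key-not-for-production"


def build_manifest(image: bytes, version: tuple[int, int, int], model: str) -> dict:
    """Build the manifest the vendor would ship next to the image."""
    return {
        "model": model,
        "version": list(version),
        "sha256": hashlib.sha256(image).hexdigest(),
    }


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Canonicalise the manifest and authenticate it (HMAC stands in for a signature)."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def verify_update(image: bytes, manifest: dict, tag: bytes,
                  installed_version: tuple[int, int, int], device_model: str,
                  key: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Every check must pass before the image is flashed."""
    # 1. Manifest authenticity: an attacker without the key cannot alter any field.
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, "manifest authentication failed"
    # 2. The image must be intended for this hardware.
    if manifest.get("model") != device_model:
        return False, "manifest is for a different device model"
    # 3. Image integrity against the authenticated digest.
    if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        return False, "image digest mismatch"
    # 4. Anti-rollback: never install a version at or below the running one.
    if tuple(manifest["version"]) <= installed_version:
        return False, "version is not newer than installed firmware"
    return True, "ok"


def demo() -> dict[str, tuple[bool, str]]:
    """Exercise the gate with a valid update and four rejected cases (all constructed)."""
    installed = (2, 3, 0)
    model = "hypothetical-rtu"
    good_image = b"\x7fELF constructed firmware image v2.4.0"

    manifest = build_manifest(good_image, (2, 4, 0), model)
    tag = sign_manifest(manifest, MANIFEST_KEY)

    old_manifest = build_manifest(good_image, (2, 2, 9), model)
    old_tag = sign_manifest(old_manifest, MANIFEST_KEY)

    other_model = build_manifest(good_image, (2, 4, 0), "hypothetical-plc")
    other_tag = sign_manifest(other_model, MANIFEST_KEY)

    # Manifest edited after signing: the tag no longer matches.
    forged = dict(manifest, version=[9, 9, 9])

    return {
        "valid": verify_update(good_image, manifest, tag, installed, model, MANIFEST_KEY),
        "tampered_image": verify_update(good_image + b"\x00", manifest, tag, installed, model, MANIFEST_KEY),
        "rollback": verify_update(good_image, old_manifest, old_tag, installed, model, MANIFEST_KEY),
        "forged_manifest": verify_update(good_image, forged, tag, installed, model, MANIFEST_KEY),
        "wrong_model": verify_update(good_image, other_model, other_tag, installed, model, MANIFEST_KEY),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:16} accepted={ok} ({reason})")
```

The order matters: authenticity is checked first so that every later field (model, digest, version) is trusted before it is used. For remote, unmanned sites the same gate should also keep the previous image so that a failed flash can roll back without a site visit, which is outside the scope of this snippet.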

[Image: prioritise firmware updates]
[Image: staff training for cyber security]

4. Empower Staff through Training

Addressing the human factor in cybersecurity is pivotal, given that human errors can often create vulnerabilities. Organizations must ensure their employees are well-versed in the latest cybersecurity practices to mitigate potential breaches through early detection and swift response. A prime example is a vigilant staff member who thwarted an attempt to tamper with sodium hydroxide levels in Florida’s water supply last year.

Further, having robust incident response plans in place is paramount. Employees should be adept at containing incidents, restoring systems, and investigating root causes. Ultimately, organizations need the assurance that in the event of a cyber attack, their staff can respond efficiently and effectively. Continuous training through workshops, webinars, and fostering a security-conscious culture not only fortifies cybersecurity resilience but also encourages information sharing among peers, strengthening collective efforts against cyber threats.

5. Ensure Resilience through Redundancy and Backup

Redundancy and backup systems play a critical role in fortifying network infrastructure against unexpected vulnerabilities and disruptions. By establishing duplicate or alternative pathways for data transmission and network operations, redundancy measures guarantee an immediate and smooth transition to a secondary, secure option should the primary system or connection fail. This approach not only reduces the risk of single points of failure but also amplifies the overall system reliability.

A notable case involves one of our major clients, who has implemented satellite connectivity as their third failover (preceded by cellular and fiber options). Remarkably, their satellite setup has not encountered a single failure in 27 years, making it the system they regard as the most reliable. Given the increasing reliance of the hydropower and dam sector on interconnected digital systems, redundancy and backup solutions emerge as formidable defenses, ensuring uninterrupted operations and providing protection against potential cyber threats and disruptions.
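The fiber, cellular, satellite failover chain described above needs two things to work well: a priority order, and hysteresis so that a link flapping back to life does not immediately pull traffic off a stable backup. The following is an added example, not the client's or Ground Control's code: a small failover manager driven by a constructed, tick-by-tick timeline of probe results, which fails over as soon as the active link drops and fails back to a higher-priority link only after three consecutive healthy probes. The link names and the probe timeline are constructed; the three-probe threshold is an assumption.

```python
"""Added example: priority-ordered link failover with fail-back hysteresis."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Link:
    name: str
    priority: int  # lower value = preferred


class FailoverManager:
    def __init__(self, links: list[Link], probe: Callable[[str], bool], failback_after: int = 3):
        self.links = sorted(links, key=lambda l: l.priority)
        self.probe = probe                      # returns True when the named link is healthy
        self.failback_after = failback_after    # consecutive healthy probes before failing back
        self.active: Link | None = None
        self.healthy_streak = {l.name: 0 for l in links}
        self.transitions: list[tuple[str | None, str]] = []

    def tick(self) -> str:
        """Probe every link, then choose which one carries traffic for this interval."""
        for l in self.links:
            self.healthy_streak[l.name] = self.healthy_streak[l.name] + 1 if self.probe(l.name) else 0

        active_ok = self.active is not None and self.healthy_streak[self.active.name] > 0
        chosen: Link | None = None
        for l in self.links:  # best priority first
            streak = self.healthy_streak[l.name]
            if streak == 0:
                continue
            # Fail back to a better link only once it has been stable for a while,
            # and only while the current link is still working.
            if active_ok and l.priority < self.active.priority and streak < self.failback_after:
                continue
            chosen = l
            break

        if chosen is None:
            return "none"  # every link is down; keep state so recovery is immediate
        if chosen != self.active:
            self.transitions.append((self.active.name if self.active else None, chosen.name))
            self.active = chosen
        return self.active.name


def run_scenario() -> tuple[list[str], list[tuple[str | None, str]]]:
    """Replay a constructed outage: fiber cut, cellular lost, then fiber recovers."""
    # Constructed probe results per tick: (fiber, cellular, satellite)
    timeline = [
        (True, True, True),     # t0 normal operation
        (False, True, True),    # t1 fiber cut
        (False, False, True),   # t2 cellular also lost
        (True, False, True),    # t3 fiber back: first healthy probe
        (True, False, True),    # t4 second healthy probe
        (True, True, True),     # t5 third healthy probe: fail back
    ]
    clock = {"t": 0}

    def probe(name: str) -> bool:
        fiber, cell, sat = timeline[clock["t"]]
        return {"fiber": fiber, "cellular": cell, "satellite": sat}[name]

    mgr = FailoverManager([Link("fiber", 1), Link("cellular", 2), Link("satellite", 3)], probe)
    history = []
    for t in range(len(timeline)):
        clock["t"] = t
        history.append(mgr.tick())
    return history, mgr.transitions


if __name__ == "__main__":
    history, transitions = run_scenario()
    print("active link per tick:", history)
    print("transitions:", transitions)
```

The scenario shows traffic moving fiber, cellular, satellite as each link fails, then staying on satellite for two ticks after fiber returns and failing back on the third. In a real deployment the probe would be an end-to-end check to the SCADA head-end rather than a local interface state, since a link can be up while the path through it is not, and every transition should be logged to the monitoring system.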

[Image: redundancy and backup]

These points are just a glimpse into the extensive realm of cybersecurity. They underscore a fundamental reality: within the ever-changing cybersecurity landscape, proactive measures are indispensable. The ability to foresee and mitigate vulnerabilities before they escalate into threats holds immense significance in establishing and upholding strong cybersecurity protocols. If you are keen on delving into your connectivity or data security solutions with our seasoned team, feel free to reach out to us at sales@groundcontrol.com.
