Insights Gained from Successful Cyber Attacks
A notable cyber attack unfolded involving Queensland’s Sunwater, a water supplier targeted in a nine-month-long breach. This breach, spanning from August 2020 to May 2021, exploited vulnerabilities present in an older system version, allowing unauthorized access to customer information stored on their web server. While the hackers did not compromise financial or customer data, they did leave behind suspicious files, redirecting visitor traffic to an online platform.
The subsequent Water 2021 report underscored the critical importance of swift action in addressing persistent security vulnerabilities. It emphasized the significance of software updates, robust passwords, and diligent monitoring of network traffic as vital protective measures.
In another significant incident, the LockerGoga ransomware group inflicted substantial harm on Norsk Hydro. The attack forced Norsk Hydro to halt operations in multiple production facilities, affecting 35,000 employees across 40 countries and resulting in financial losses of around $71 million. The cyberattack originated from an employee unwittingly opening an infected email three months prior.
However, Norsk Hydro’s response was commendable. Instead of succumbing to the ransom demands, the company collaborated with Microsoft’s cybersecurity team to restore operations and maintained a commitment to transparency throughout the crisis. Torstein Gimnes, Corporate Information Security Officer, emphasized the need to rebuild infrastructure to ensure safety and eliminate potential attacker presence.
An immediate IT shutdown was initiated to halt further proliferation, and only trusted backups facilitated by Microsoft’s team were utilized. Post-attack, a focus was placed on employee training, implementing multi-factor authentication, regular updates, and resilient backup solutions to enhance security.
1. Protect Data Integrity
An integral aspect of security involves safeguarding data through encryption, authentication protocols, and stringent control over physical facility access. Utilizing firewalls and VPNs can be effective in securing data during transmission over public internet infrastructure.
However, to mitigate risks more comprehensively, companies can opt for private lines or dedicated secure satellite networks like TSAT, tailor-made for securing SCADA data.
Furthermore, contemporary trends indicate a shift towards a unified data stream for both IT and OT. Organizations pursuing this integration must implement robust control system boundary protection measures to thwart unauthorized access. This can include employing technologies such as SD-WAN in conjunction with next-generation firewalls to maintain secure data boundaries.
2. Enhance Physical Security
Robust physical security measures not only act as a deterrent to potential threats but also represent the initial defense against cyberattacks. Stringently controlling and monitoring physical access to facilities substantially minimizes the risk of malicious actors gaining direct entry to sensitive systems and data.
Moreover, implementing surveillance on physical access enables companies to promptly detect unauthorized entry or unusual activities, empowering them to intervene swiftly and halt any progress made by potential hackers.
3. Prioritize Firmware and Software Updates
Regular updates to both software and firmware play a vital role in addressing known vulnerabilities, fortifying system resilience, and upholding the integrity of critical software components. By staying current with updates, organizations proactively mitigate cyber threats that often exploit outdated software to infiltrate systems and compromise sensitive data.
In the case of hardware devices, firmware updates enhance functionality and bolster security by patching potential vulnerabilities. Stressing the significance of timely updates and establishing a structured update management process is crucial. Particularly for remote, unmanned locations of dams or hydropower facilities, ensuring the ability to remotely secure infrastructure through over-the-air (OTA) firmware updates is imperative.
4. Empower Staff through Training
Addressing the human factor in cybersecurity is pivotal, given that human errors can often create vulnerabilities. Organizations must ensure their employees are well-versed in the latest cybersecurity practices to mitigate potential breaches through early detection and swift response. A prime example is a vigilant staff member who thwarted an attempt to tamper with sodium hydroxide levels in Florida’s water supply last year.
Further, having robust incident response plans in place is paramount. Employees should be adept at containing incidents, restoring systems, and investigating root causes. Ultimately, organizations need the assurance that in the event of a cyber attack, their staff can respond efficiently and effectively. Continuous training through workshops, webinars, and fostering a security-conscious culture not only fortifies cybersecurity resilience but also encourages information sharing among peers, strengthening collective efforts against cyber threats.
5. Ensure Resilience through Redundancy and Backup
Redundancy and backup systems play a critical role in fortifying network infrastructure against unexpected vulnerabilities and disruptions. By establishing duplicate or alternative pathways for data transmission and network operations, redundancy measures guarantee an immediate and smooth transition to a secondary, secure option should the primary system or connection fail. This approach not only reduces the risk of single points of failure but also amplifies the overall system reliability.
A notable case involves one of our major clients, who has implemented satellite connectivity as their third failover (preceded by cellular and fiber options). Remarkably, their satellite setup has not encountered a single failure in 27 years, making it the system they regard as the most reliable. Given the increasing reliance of the hydropower and dam sector on interconnected digital systems, redundancy and backup solutions emerge as formidable defenses, ensuring uninterrupted operations and providing protection against potential cyber threats and disruptions.