The primary source for cyber risks in water and waste management facilities comes from the use of wide-area-networks (WANs) for monitoring and the collection of data. A typical water site has two primary WAN connections: One to the corporate network, and through that network to the Internet, and customers, partners and vendors. The other WAN is connected to pumping stations and remote sensors to gather important data that regulates the state of the water. Sometimes these networks are the same – for example, people might use the Internet to interact with their remote sensors. Traditionally, these WANs have been protected with firewalls. Unfortunately, firewalls are not a strong enough security solution to prevent cyberattacks from entering water facilities’ control systems.
It’s “just” water, what can a cyber hacker accomplish?
One of the greatest concerns for managers of any industrial site is the contamination of the water, executed by a hacker on a remote control basis by penetrating the industrial controls to increase the level of chemicals used. Obviously, contamination of a water supply can cause serious damage to public health and will have harsh effects on the plant and the water company. The danger is magnified by the fact that it takes weeks, sometimes months, for their detection systems to be alerted. This is precisely the reason why SCADA systems require a different cyber security approach than what is offered by traditional IT-based solutions.
We need to protect people’s safety, and the reliability of the water plant. First and foremost, we need a solution that prevent attacks from entering the control system, not just stopping from propagating or detecting them after the fact. Anything less than prevention will be too little, too late.
Is it possible to prevent online, remote cyberattacks?
Our company provides a solution that protect against all remote online attacks by creating a physical impasse that prevents the flow of communications from entering a SCADA (control) system. Now that the controls are safe, authorized users have access to externally replicated real-time operating data that is sent to corporate IT networks to continue to monitor the water plant’s operations.
It is encouraging to see more and more water & wastewater facilities fortifying their SCADA networks with cyber security technology that actually works. Firewalls are not the solution to protect the ICS perimeter from the Internet, and the issue is too important to neglect.
Lior Frenkel is the CEO and co-founder of Waterfall Security Solutions, a leading provider of unidirectional security gateways, stronger-than-firewalls perimeter security solutions for industrial control networks and critical infrastructures.