Cybersecurity has become a critical issue for today’s utility facilities. Never has the threat been so prevalent. Water, electricity, gas, and oil are the foundation of a country’s infrastructure and, unfortunately, have become a target for ruthless bad actors.
Two examples of recent cyberattacks against U.S. infrastructure are the SolarWinds, and the Colonial Pipeline hacks.
SolarWinds Cyberattack
Based in Tulsa, Oklahoma, SolarWinds is a major software company that provides network and infrastructure monitoring tools to hundreds of thousands of organizations worldwide. On December 13, 2020, advanced persistent threat (APT) actors infiltrated the chain supply of SolarWinds, inserting a backdoor into their product Orion. As customers accessed Orion, this “Trojan Horse” virus enabled attackers to access the systems running the program. As a result, more than 18,000 public and private organizations were compromised.
This attack was unprecedented and affected government departments such as Homeland Security and private companies such as Microsoft, Intel, and Cisco. In addition, the North American Electric Reliability Corp. (NERC) confirmed that approximately 25 percent of the country’s utilities were exposed.
NERC Senior Vice President, Manny Cancel, stated that the “overwhelming majority of utilities did not experience any of the indicators of compromise, meaning the command-and-control activity. From that respect, we did not see what some of the other sectors were seeing with the compromise.”
However, some security experts are not as optimistic.
David Doggett, a senior strategist at Red Balloon Security, wrote in an email:
I don’t think we can confidently conclude that there hasn’t been follow-on activity yet. We are possibly overlooking the likelihood of a more disturbing outcome—not just spying but persistent access in order to disrupt networks, devices, and industrial control systems
Colonial Pipeline Cyber Attack
On May 6, 2021, a gang called DarkSide hacked the Colonial Pipeline by stealing a single password. Joseph Blount, CEO of Colonial Pipeline, told a U.S. Senate committee that the attack happened using a legacy Virtual Private Network (VPN) that did not have a multifactor authentication (MFA) process in place. Blount said, “In the case of this particular legacy VPN, it only had a single-factor authentication. It was a complicated password. I want to be clear on that. It was not a Colonial 123-type password.”
According to the Cybersecurity and Infrastructure Security Agency (CISA):
The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions (NCF) is dangerous and significantly elevates risk to national security, national economic security, and national health and safety.”
DarkSide stole 100 gigabytes of data within two hours of the breach. Then the IT system was infected with ransomware, locking many of its systems, including billing and accounting.
When the company became aware of the breach, the pipeline was shut down, and they notified the FBI, CISA, U.S. Department of Energy (DOE), and Department of Homeland Security (DOH).
After Colonial Pipeline paid DarkSide their ransom, they received the decryption key and regained control of the system.
The Colonial Pipeline was restarted on May 12, 2021.
Strong Cybersecurity is Paramount
Utility providers have their hands full with the threat of physical attacks, cybersecurity attacks, and natural disasters. In addition, with the increasing use of smart, connected infrastructure throughout the country (such as power grids and pipelines), utility service providers have multiple entry points to various databases they have to defend. The stakes could not be higher; people’s safety, health, and even lives depend on these types of services.
Because utility services are vital to our well-being, the U.S. has developed strict security regulations complete with penalties and fines for non-compliance. Several government organizations are charged with working together to prevent and react to security threats for all utility control centers, stations, and substations. These include:
- CISA
- Department of Energy (DOE)
- Environmental Protection Agency (EPA)
- FBI
- Federal Energy Regulatory Commission (FERC)
- Homeland Security (DOH)
- North American Electric Reliability Corporation (NERC)
However, all these agencies and their regulations did not prevent the breaches. But, on a brighter note, lessons were learned.
Cybersecurity Lessons Learned
In response to the recent SolarWind and Colonial Pipeline attacks (and many others worldwide), CISA opened a GitHub Bad Practices discussion page where IT professionals can share their expertise and ask cybersecurity questions. In addition, the organization announced that they added the use of a single password log-in to their list of bad practices.
Simply switching to multi-factor authentication (MFA) makes it infinitely more difficult for bad actors to carry out a successful hack. In fact, a study project conducted by Google, New York University, and University of California San Diego found that the use of on-device prompts, an ultra-secure form of MFA, “helped prevent 100 percent of automated bots, 99 percent of bulk phishing attacks, and 90 percent of targeted attacks.”
To view CISA’s current list of harmful practices, visit their Bad Practices website.
Further, CISA has identified an additional seven bad cybersecurity practices that all IT professionals should be aware of:
- The use of weak cryptographic functions or key sizes
- The use of flat network topologies
- Allowing the mingling of IT and OT networks
- Allowing everyone to have administrative privileges
- The use of previously compromised systems without sanitization
- Allowing transmission of sensitive, unencrypted/unauthenticated traffic over uncontrolled networks
- Having poor physical controls
In a recent article, CISA stated:
Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions.
CISA encourages all organizations to review the Bad Practice webpage and to engage in the necessary actions and critical conversations to address Bad Practices.
Conclusion
Safeguarding the security of critical infrastructure can not be overemphasized. Threats are on the rise as our IoT-connected world expands. Infrastructure facilities must stay compliant with all federal regulations—upgrades must be kept in pace with the ever-evolving hacking schemes. Fortunately, technology continues to evolve too, and embracing state-of-the-art cybersecurity technologies and equipment (along with learning from our mistakes) will make it more difficult for cybercriminals to wreak havoc.
Planet Technology USA has a full line of quality industrial Power over Ethernet (PoE) solutions that are resistant to harsh environments and extreme temperatures. Our PoE industrial units are top-of-the-line, efficient, and cost-effective. To see our extensive portfolio of last-mile networking products, click here.
The post The Challenges of Cybersecurity in the Utility Sector appeared first on Planet Technology USA.
