13 Mar 2017 Keeping Water Clean from Cyber Attacks
Recently we’ve received a lot of interest from water and waste management facilities regarding our Unidirectional Security Gateway– which is making me wonder what’s brought this on? Let’s look at the facts. The primary source for cyber risks in water and waste management facilities comes from the use of wide-area-networks (WANs) for monitoring and the collection of data. A typical water site has two primary WAN connections: One to the corporate network, and through that network to the Internet, and customers, partners and vendors. The other WAN is connected to pumping stations and remote sensors to gather important data that regulates the state of the water. Sometimes these networks are the same – for example, people might use the Internet to interact with their remote sensors. Traditionally, these WANs have been protected with firewalls. Unfortunately, firewalls are not a strong enough security solution to prevent cyberattacks from entering water facilities’ control systems.
It’s “just” water, what can a cyber hacker accomplish?
One of the greatest concerns for managers of any industrial site is the contamination of the water, executed by a hacker on a remote control basis by penetrating the industrial controls to increase the level of chemicals used. Obviously, contamination of a water supply can cause serious damage to public health and will have harsh effects on the plant and the water company. The danger is magnified by the fact that it takes weeks, sometimes months, for their detection systems to be alerted.
This is precisely the reason why SCADA systems require a different cyber security approach than what is offered by traditional IT-based solutions. We need to protect people’s safety, and the reliability of the water plant. First and foremost, we need a solution that prevent attacks from entering the control system, not just stopping from propagating or detecting them after the fact. Anything less than prevention will be too little, too late.
Is it possible to prevent online, remote cyberattacks?
The Waterfall Unidirectional Security Gateway provides protection against all remote online attacks by creating a physical impasse that prevents the flow of communications from entering a SCADA (control) system. Now that the controls are safe, authorized users have access to externally replicated real-time operating data that is sent to corporate IT networks to continue to monitor the water plant’s operations.
It is encouraging to see more and more water & wastewater facilities fortifying their SCADA networks with cyber security technology that actually works. Firewalls are not the solution to protect the ICS perimeter from the Internet, and the issue is too important to neglect.