An urgent warning from multiple cybersecurity organisations in May 2024 highlighted the current threat faced by modern industries, such as the dams industry.

In a collaborative effort, a joint statement was issued by various US organisations, including the National Security Agency, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, Environmental Protection Agency, and the Departments of Energy and Agriculture, along with the UK’s National Cyber Security Centre, and the Canadian Centre for Cyber Security. They warned that pro-Russia hacktivists were conducting malicious cyber activity and compromising small-scale OT systems across North America and Europe, targeting water and wastewater systems, dams, energy, and food and agriculture sectors.

Since 2022, the authoring organisations say they’ve observed malicious activity and have released joint guidance to share information and mitigations. Giving an overview of the threat, they stated that although pro-Russia hacktivist activity against these sectors was mostly limited to unsophisticated techniques to create nuisance effects, the hacktivists were also capable of posing physical threats against insecure and misconfigured OT environments. Indeed, pro-Russia hacktivists have been observed gaining remote access via a combination of exploiting publicly exposed internet-facing connections and outdated software, as well as using factory default passwords and weak passwords without multifactor authentication.

In 2024, CISA and the FBI responded to several US-based water and wastewater victims who experienced limited physical disruptions caused remotely by an unauthorised user. Specifically, pro-Russia hacktivists caused water pumps and blower equipment to exceed their normal operating parameters. In each case, the hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock out the operators. Some victims experienced minor tank overflow events, but most victims reverted to manual controls in the immediate aftermath and quickly restored operations.

“[In 2024] we have observed pro-Russia hacktivists expand their targeting to include vulnerable North American and European industrial control systems,” said Dave Luber, Director of Cybersecurity at the National Security Agency in the US. “NSA highly recommends critical infrastructure organisations’ OT administrators implement the mitigations outlined, especially changing any default passwords, to improve their cybersecurity posture and reduce their system’s vulnerability to this type of targeting.”

The recommendations in the factsheet, entitled Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity, included hardening human machine interfaces, limiting exposure of OT systems to the internet, using strong and unique passwords, and implementing multifactor authentication for all access to the OT network.
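The behaviours reported in these incidents (set points pushed outside normal range, alarms switched off, administrative passwords changed) can be checked for in HMI audit data. The following Python sketch is an added example, not part of the factsheet or of any vendor's product; the log format, tag names, operating limits and OT subnet are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events: time, source IP, user, action, target, value
SAMPLE_LOG = """\
2024-01-10T02:14:05 203.0.113.7 admin LOGIN hmi -
2024-01-10T02:15:11 203.0.113.7 admin SETPOINT pump1_speed 100
2024-01-10T02:15:40 203.0.113.7 admin ALARM_DISABLE tank_high_level -
2024-01-10T02:16:02 203.0.113.7 admin PASSWORD_CHANGE admin -
2024-01-10T09:00:00 10.20.0.15 operator1 SETPOINT pump1_speed 60
"""
LIMITS = {"pump1_speed": (20.0, 80.0)}  # assumed normal operating range
OT_PREFIXES = ("10.20.",)               # assumed internal OT subnet
WINDOW = timedelta(minutes=15)          # correlation window per source

def parse(line):
    ts, src, user, action, target, value = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "user": user,
            "action": action, "target": target, "value": value}

def findings(ev):
    """Indicator names matched by a single event."""
    out = []
    if not ev["src"].startswith(OT_PREFIXES):
        out.append("remote_source")
    if ev["action"] == "SETPOINT" and ev["target"] in LIMITS:
        lo, hi = LIMITS[ev["target"]]
        if not lo <= float(ev["value"]) <= hi:
            out.append("setpoint_out_of_range")
    elif ev["action"] == "ALARM_DISABLE":
        out.append("alarm_disabled")
    elif ev["action"] == "PASSWORD_CHANGE":
        out.append("admin_password_changed")
    return out

def detect(log_text):
    """Group indicators by source; several control changes in WINDOW is high severity."""
    by_src = {}
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse(line)
        for name in findings(ev):
            by_src.setdefault(ev["src"], []).append((ev["ts"], name))
    alerts = []
    for src, hits in by_src.items():
        hits.sort()
        start = hits[0][0]
        names = sorted({n for ts, n in hits if ts - start <= WINDOW})
        control = [n for n in names if n != "remote_source"]
        if control:  # a remote login alone is left to access-control monitoring
            alerts.append({"src": src, "indicators": names,
                           "severity": "high" if len(control) >= 2 else "medium"})
    return alerts
```

Run over the constructed sample, `detect(SAMPLE_LOG)` raises one high-severity alert for the external address and none for the in-range change made from the OT subnet.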

Cybersecurity survey

In today’s advanced and complex threat landscape, cybersecurity is increasingly becoming a cornerstone of many organisations’ growth strategies and business plans, according to the fourth edition of Deloitte’s Global Future of Cyber Survey.

Released in October 2024, the company’s largest cyber-related survey to date shows how decision-makers are shifting their responses to threats. Among other strategies, businesses are increasing the responsibility and strategic influence assigned to chief information security officers (CISOs), promoting further involvement on cybersecurity-related matters, and turning to measures like artificial intelligence (AI).

With the threat landscape evolving (reported threats related to data loss impacted 28% of organisations last year, up by 14% on 2023), 57% of respondents anticipate increasing their budget for cybersecurity over the next two years.

“The rise of AI and other evolving technologies has significantly transformed the threat landscape. As threats become more sophisticated and impactful to core business, CISOs are increasingly required to adopt a more strategic role driving cross business risk prioritisation and mitigation,” said Emily Mossburg, Deloitte Global Cyber Leader. “The close relationship between CISOs and CEOs is a testament to the role security plays in a business’s long-term success. Today, CISOs are not only protectors against outside threats, but key players helping their organisation find success by integrating cyber considerations in the strategic decision-making process.”

SCADA scares

Olginate dam in Italy has been used to demonstrate the effectiveness of possible strategies to protect against cyber attacks on Supervisory Control and Data Acquisition (SCADA) systems.

As SCADA systems are often linked to critical infrastructure such as power grids and dams, they’re often targeted in cyber-warfare due to the social and economic damage that could be inflicted on a national and international scale. In recent years, such attacks on SCADA systems have soared. 

SCADA systems are no longer isolated, and as web-based applications expose strategic infrastructure to the outside world, avoiding attack is described as being almost impossible. However, recent research has focused on developing a model predictive control (MPC) architecture capable of mitigating the impact of attacks on the communication between the controller and actuator.

The proposed MPC strategy’s effectiveness was demonstrated in two attack scenarios on a real system with actual data from the Olginate dam.

Olginate Dam
Italy’s Olginate Dam divides the Garlate and Olginate Lakes, regulates the level of Lake Como and distributes outflows between the irrigation and hydroelectric utilities located downstream.

Blockchain technology and cybersecurity

The use of blockchain technology in dam infrastructure management is described as offering a possible solution to the problem of enhancing the cyber security and monitoring of dams. It’s described as being a decentralised and tamper-resistant platform for storing and managing data. 

Blockchain technology provides a transparent and immutable record of all transactions and data related to the operation of gates, water levels, and other important parameters. Its decentralised property ensures that data is distributed across a network of nodes, reducing the risk of a single point of failure or unauthorised access. The tamper-resistant property of blockchain ensures the integrity of data generated by sensors and monitoring systems. This feature is important in relation to intentional data manipulations that could compromise the reliability of water level readings.

Recent research undertaken by Peng et al in Taiwan has demonstrated such possible benefits of integrating dam infrastructure management with blockchain technology. It’s described not only as an integration of enhanced security and monitoring but also as showing the possibilities for resilient and efficient operations.
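The tamper-resistant and decentralised properties described above can be illustrated with a simplified hash-chained ledger of sensor readings replicated across three nodes. This is an added example, not the system from the cited research and not a full blockchain (there is no consensus protocol); the sensor names, readings and node count are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(prev_hash, record):
    # Each hash covers the record and the previous hash, linking the blocks.
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

def append(chain, record):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": block_hash(prev, record)})

def first_bad_block(chain):
    """Index of the first block whose link or hash fails, or None if intact."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["record"]):
            return i
        prev = blk["hash"]
    return None

def agreed_head(replicas):
    """Head hash held by a strict majority of node replicas, else None."""
    heads = [r[-1]["hash"] for r in replicas if r and first_bad_block(r) is None]
    for h in set(heads):
        if heads.count(h) * 2 > len(replicas):
            return h
    return None

def build_demo():
    # Constructed readings; every node stores its own copy of the chain.
    readings = [
        {"t": "2024-01-10T02:00", "sensor": "level_m", "value": 197.32},
        {"t": "2024-01-10T02:10", "sensor": "gate_3_open_pct", "value": 40},
        {"t": "2024-01-10T02:20", "sensor": "level_m", "value": 197.41},
    ]
    nodes = [[], [], []]
    for node in nodes:
        for r in readings:
            append(node, dict(r))
    return nodes
```

Editing a stored reading on one node makes `first_bad_block` return that block's index, and a chain rebuilt from altered readings verifies internally but no longer matches the head hash the other nodes agree on.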

References

Model Predictive Control with adaptive resilience for Denial-of-Service Attacks mitigation on a Regulated Dam. Raffaele G. Cestari, Stefano Longari, Stefano Zanero, Simone Formentin. arXiv:2402.18516.
https://doi.org/10.48550/arXiv.2402.18516

Enhancing Dam Security and Water Level Alerting with Blockchain Technology. YingCheng Wu, Jung-Shian Li, Chu-Fen Li, I-Hsien Liu. CAROB2024, J:COM Horuto Hall, Oita, Japan, 2024.