Anatomy of an Industrial Attack

We had a great turnout for our recent cybersecurity webinar, "Anatomy of an Industrial Attack." The insightful session delved into the intricacies of a cyber attack on a water treatment plant. Speakers Mike Killian, Cloud Range Alliances Director, and Pedro Martinez, Cloud Range Attack Master, provided their expertise, drawing from a wealth of experience in the cybersecurity realm, including roles in the US Army and supporting the Department of Defense and intelligence community. 

Here are the key takeaways from the discussion:

Critical Infrastructure Vulnerabilities

The webinar dissected an attack on a Florida water treatment facility in 2021, emphasizing the critical vulnerabilities that allowed hackers to manipulate sodium hydroxide levels. This incident underscored the potential life-threatening consequences of cyber attacks on industrial systems.

Outdated Systems and Weaknesses

The attackers exploited outdated operating systems, leveraging unsegregated corporate access to the industrial control system (ICS) environment. The use of TeamViewer with uniform passwords across environments further highlighted security lapses.

Real-World Impact

The consequences of such attacks extend beyond digital systems. The survey of utilities and oil executives revealed disruptions affecting supply chains for days, with remediation costs ranging from $5 million to $11 million per incident.

Proactive Cybersecurity Measures

To prevent such incidents, the speakers stressed the importance of proactive measures. These include updating operating systems, implementing multi-factor authentication (MFA), auditing networks, and regularly updating security tools. The importance of network segmentation to prevent lateral movement during attacks was highlighted.

OT Security Challenges

Bridging the gap between IT and operational technology (OT) security teams emerged as a critical challenge. Organizational alignment, understanding the unique risks each environment poses, and adopting a layered security approach were recommended to enhance defense mechanisms.

Advanced tabletop exercises are a great way to align IT and OT priorities and exercise playbooks. When conducted regularly throughout the year, they help keep everyone on the same page.

Continuous Monitoring and Training

Security teams must adopt a proactive stance, continuously monitoring for anomalies, implementing whitelisting, and training the workforce to recognize and report social engineering attempts.

Physical Security Measures

Beyond cyber defenses, the webinar emphasized the need for physical security measures in industrial systems. This includes pressure switches, gearing valves, and assessing the physical security needs of chemical reservoirs.

Upcoming Challenges

Looking ahead, the speakers foresaw challenges arising from the increasing interconnectivity of IT, OT, and IoT devices. The increasing attack surface is resulting in more and more cyber attacks that affect or target cyber-physical systems. It is crucial for cybersecurity teams to be ready to respond to incidents on critical infrastructure and OT systems. That’s why many organizations are taking advantage of Cloud Range’s unique virtual IT/OT cyber range and live-fire attack simulation exercises that upskill cyber practitioners, provide real-world experience in detecting and remediating attacks, and ensure IT and OT teams know how to collaborate and communicate effectively.

It’s important to look out for threats and APTs that are targeting critical infrastructure. For example, there is an Iranian hacking group that's targeting water systems. It has been attacking ICS environments and technology that runs physical systems, called programmable logic controllers, that are developed by Israel. These devices are commonly used in water and wastewater systems, as well as across various industries such as energy, food and beverage manufacturing, and healthcare. The issue is further exacerbated by the decentralized structure of the US water industry, which comprises approximately 165,000 drinking water and wastewater systems in total. A significant number of these systems lack fundamental cybersecurity safeguards.

In conclusion, the webinar provided valuable insights into the evolving landscape of industrial cyber threats. As organizations grapple with securing critical infrastructure, adopting a holistic approach that combines technological, organizational, and physical security measures is paramount.

Stay tuned for more webinars and resources to stay ahead in the ever-changing cybersecurity landscape.