Managing cybersecurity is a tall order for industrial infrastructures and even taller for industries whose activities deal with natural resources: water treatment plants, oil drilling platforms, nuclear plants, etc. All of these sites are choice targets for hackers. If they fall victim to a cyberattack, the consequences for the environment could be disastrous. To prevent these risks these industrial sites must, at all costs, integrate cybersecurity into their processes.
Actual environmental risks
Today, many industrial systems control installations that have an impact on the environment, whether water treatment plants or plants that use chemical processes, such as SEVESO sites. All activities within these infrastructures are run by interconnected automatic controllers which are sometimes connected to the internet. As a result, these systems are not always well protected and are extremely vulnerable to cyberattacks.
An attack on these types of infrastructures could have serious consequences above and beyond just a mere data leak. Verizon’s report “Data Breach Digest” describes how hackers interfered with a water treatment plant in the United States by modifying the dose of chemicals used to treat water. As it’s usually the case, the attackers narrowed in on an easy target with little protection but did not have an intention of causing damage to this particular plant. Unaware of how the pumps regulating doses worked and with little knowledge of how the plant ran in general, the attackers did not cause substantial damage. However, this example illustrates how carrying out a targeted attack with little to no preparation can have an impact on the general population.
What’s worse, researchers at the Georgia Institute of Technology (GIT) created a ransomware capable of taking control of a water treatment plant and threatened to cut off the supply system and even poison the water supply for the entire town by increasing chlorine levels. This incident brings to light the unsettling ease with which cyberattackers can disrupt vital services.
Environmental industries: an easy target for cyberattackers?
Equipping critical infrastructures with a powerful cybersecurity system is essential. Even more so today when anybody can access an unlimited amount of data pertaining to connected objects. In fact, the search engine Shodan, also known as the Google for the IoT, can instantly locate objects connected to the internet anywhere in the world. By using Shodan, an internet user could potentially locate a water purification plant and obtain all kinds of information. Those who are just curious might be satisfied with just having a look but, people with malicious intents on the other hand, could use this data to buy time during an attack or take control of the site’s information systems. Intruders could then have full access and time to modify the systems, the running of the plant and, in turn, cause damage to the infrastructure and the environment.
Example for Shodan: Envac is a pioneer in automated waste collection systems for towns and hospitals, among others.
Monitoring your network to prevent attacks
To avoid attacks, industrial sites must be able to completely monitor their activities as well as the activities on their networks. For this, an alert system is essential for identifying intrusion attempts and the slightest changes made to the network. As the Stuxnet case showed, even the tiniest change to the way production tools operate can have significant long-term consequences. Thanks to its ICS CyberVision, Sentryo allows industries to protect themselves from these threats and to anticipate problems linked to cyberattacks.
For industrial sites, going digital is a great opportunity as it simplifies processes and renders infrastructures automatic. However, industrial systems and the networks they are connected to must be completely secured. The impact of a cyberattack is real and can be huge. Only a suitable security strategy can provide protection and prevent negative consequences from harming the environment.
Credits: Fanjianhua – Freepik