The Sentryo Files are back for a second season! We would like to take a look back at an emblematic cyberattack in the environmental field. Read our account of the attack on a wastewater treatment plant.
Remote breach of a wastewater treatment plant in Australia
In 2000, a former employee of the IT company that had installed the SCADA system for a wastewater treatment plant in the county of Maroochy (Queensland) targeted a workstation in that same industrial plant. His job application had been refused by the Maroochy Shire Council, and he decided to take control of the plant as revenge. As a result of this cyber incident, 800 m3 of wastewater was pumped into surrounding waterways. The perpetrator was sentenced to 2 years in prison.
The attack on a wastewater treatment plant: an act of revenge
Sometimes very few resources are needed to cause an environmental catastrophe, although in this case the consequences were not as dire as those of the cyberattack on a water treatment plant in 2015.
After stealing radio equipment from his employer, the perpetrator sent commands to the plant's control system on 46 separate occasions and caused the spill of hundreds of thousands of litres of raw sewage. Thanks to his knowledge of the plant's industrial processes, he even managed to disguise his malicious acts as a system malfunction.
The security flaws behind the attack
One likely reason the cyberattack succeeded is that the plant used a data transfer protocol that, although proprietary, was unencrypted. This security flaw allowed the perpetrator to use a radio transmitter to take control of the plant remotely. Monitoring connected equipment and managing access rights to the industrial network are fundamental to industrial cybersecurity.
The measures to implement
The County of Maroochy’s wastewater treatment plant could have implemented various measures to protect itself against this malicious act:
- Implementing anti-replay mechanisms prevents legitimate command sequences from being captured and replayed in man-in-the-middle (MITM) attacks, in which an attacker intercepts encrypted exchanges between two people or two computers in order to decode the messages and modify their content.
- Using a supervisory solution to detect abnormal events and launch incident management procedures.
- Setting up control processes for authorizations and equipment connected to the network in order to limit the risk of malicious intrusions.
- Awareness building and training for employees who need to be able to distinguish between malfunctions and malicious attacks.
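One way to implement the anti-replay measure from the first bullet, as an added example that is not Sentryo's or the plant's code: each command frame carries a per-station monotonic counter and an HMAC tag, and the receiver rejects any frame whose tag fails or whose counter does not advance, so a captured frame cannot be resent later. The frame layout, station and pump numbers and the shared key are assumptions constructed for the example; it does not reproduce the plant's proprietary radio protocol.

```python
import hmac
import hashlib
import struct
import secrets

# Hypothetical frame layout (constructed for this example, not the plant's
# proprietary protocol): 2-byte station id | 8-byte counter | 1-byte command
# | 1-byte pump id | 32-byte HMAC-SHA256 tag over everything before it.
HEADER = struct.Struct(">HQBB")
TAG_LEN = 32


def build_frame(key: bytes, station: int, counter: int, command: int, pump: int) -> bytes:
    """Sender side: serialise the command and append an authentication tag."""
    body = HEADER.pack(station, counter, command, pump)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class CommandReceiver:
    """Receiver side (e.g. a pumping-station RTU): a frame is executed only if
    its tag is valid and its counter is strictly above the last one accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # station id -> highest counter accepted so far

    def accept(self, frame: bytes) -> tuple[bool, str]:
        if len(frame) != HEADER.size + TAG_LEN:
            return False, "malformed frame"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return False, "bad tag: forged or modified frame"
        station, counter, command, pump = HEADER.unpack(body)
        if counter <= self.last_counter.get(station, -1):
            return False, f"replay: counter {counter} not above {self.last_counter[station]}"
        self.last_counter[station] = counter
        return True, f"station {station}: command {command} for pump {pump} executed"


def demo() -> list:
    """Walk through the four cases a receiver must handle; returns accept/reject flags."""
    key = secrets.token_bytes(32)  # shared key, assumed to be provisioned out of band
    rtu = CommandReceiver(key)
    frame = build_frame(key, station=7, counter=1, command=0x01, pump=3)
    results = [rtu.accept(frame)[0]]                 # fresh frame: accepted
    results.append(rtu.accept(frame)[0])             # same bytes resent: rejected as replay
    tampered = bytearray(frame)
    tampered[11] ^= 1                                # flip the pump id byte
    results.append(rtu.accept(bytes(tampered))[0])   # modified frame: tag no longer matches
    results.append(rtu.accept(build_frame(key, 7, 2, 0x01, 3))[0])  # next counter: accepted
    return results
```

The counter must survive receiver restarts (stored in non-volatile memory), otherwise a reboot reopens the replay window for every frame captured before it.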
A cyberattack may have serious environmental and health consequences. Those responsible for industrial infrastructure must protect their industrial systems from the environmental risks they are exposed to by implementing suitable industrial security solutions.
Sources: reports drafted by the SCADA work group of the French Information Security Club (Clusif) in 2017.