Many countries have an aging utilities infrastructure, which leaves utility services vulnerable to cyberattacks. Such attacks pose threats to the economy, to security and to public safety.
Such attacks could lead to catastrophic system failures, especially at the countless facilities that rely on legacy technologies.
Newer technologies can offer greater protection, but risks remain if these defences are breached, and the exposed attack surface is arguably expanding rapidly as many facilities become increasingly interconnected through the Internet of Things.
To gain an insight into the current vulnerabilities, Digital Journal heard from expert Adam Maruyama, who is the Field CTO at Garrison Technology, which is now a part of the firm Everfox.
Maruyama begins by assessing the biggest and most famous cyberattack on a utility service provider: “In 2021, as the US was reopening from the COVID-19 pandemic, we saw an attack on a single provider – Colonial Pipeline – halt more than 5,500 miles worth of distribution pipeline, with ripple effects to 45 percent of all pipeline operators, and cause states of emergency in more than 17 states.”
This incident created jitters, especially in the U.S., and led to more concentrated responses being considered, as Maruyama explains: “It should, therefore, come as no surprise that a multipronged and coordinated attack on utilities would be what CISA Director Jen Easterly described in her testimony to Congress as an ‘everything, everywhere, all at once’ event. If utilities across multiple sectors (e.g., power, telecoms, and water) were targeted, such an event could have an impact far beyond the already-dramatic attack on Colonial Pipeline, bringing much of modern life to a halt temporarily.”
In terms of the economic and societal ramifications, Maruyama says: “And, as Easterly and her counterparts in the FBI, NSA, and Office of the National Cyber Director cautioned, our nation-state adversaries realize it and could use such an attack as a cudgel to break the will of the American people to support our allies in a time of need.”
This has led to energy sector and government actions. Maruyama assesses the response: “Much of the discussion around protecting critical infrastructure has revolved around the operational technology (OT) infrastructure of these providers – environments that control turbines, water pumps, critical telecom switching equipment, and more, and which are often rife with legacy technology. These environments are treated as highly sensitive, and providers make their best efforts to protect them and wall them off from would-be attackers.”
There also needs to be some emphasis upon preventative actions in addition to the response to any such attack. Here Maruyama finds: “But it’s critical to remember that the information technology (IT) environments of providers often play a critical role in operations as well; it was an attack against Colonial Pipeline’s IT infrastructure that drove the understandable decision to temporarily halt operations in 2021.”
In summary, Maruyama indicates: “Having both strong preventative technologies like browser isolation, network segmentation, and proactive attack surface management as well as recovery capabilities in place for the IT network is critical to avoiding an event of this scale.”