As the investigation into the recent cyberattack on Arkansas City’s water treatment facility unfolds, cybersecurity experts have been highlighting the continuing risks to utilities from cyber-warfare.
Shawn Waldman, CEO and Founder of Secure Cyber, says that this incident highlights the continued vulnerability of large infrastructure, as he has told Digital Journal: “Here we go again—another water treatment facility has been compromised. While Arkansas City has assured there is no immediate threat to the drinking water, it’s worth discussing how such critical infrastructure becomes vulnerable to cyberattacks.”
There are specific concerns with water utilities, which Waldman draws out: “One common way water treatment facilities are targeted is by improperly exposing remote access to the Internet. This is frequently seen in water and wastewater plants because it provides external companies with easy access to perform maintenance. Unfortunately, this access is often insecure, making the facility an easy target for external threat actors.”
Design factors also lead to concerns, says Waldman: “Another vulnerability comes from poor network segmentation between the city’s administrative network and the treatment facility’s operational network. This lack of separation can allow an attack originating within the city’s network to infiltrate critical infrastructure, such as a water treatment plant. In some cases, there isn’t even a firewall in place to separate the administrative network from the control systems.”
Human Machine Interfaces (user interfaces or dashboards that connect a person to a machine, system, or device) also present vulnerabilities.
Here Waldman states: “Lastly, inadequate protection of Human Machine Interface (HMI) systems is a major concern. HMIs allow engineers to control water flow, open and close valves, and manage chemical outputs, making them one of the most sensitive parts of the facility. A breach here could lead to dangerous changes in the water supply.”
On solutions, he observes: “More modern security measures, like Endpoint Detection and Response (EDR) systems, are crucial. EDR is highly effective at preventing ransomware and other malicious activity on sensitive systems.”
As the primary user interface for controlling equipment or a process, the HMI is among the most targeted aspects of the industrial control system (ICS) infrastructure.
A related concern is future cyberattacks. Here Waldman is worried, noting: “Unfortunately, we can expect more attacks like this in the future, particularly as the U.S. remains involved in global conflicts, such as those involving Russia and the Middle East. Now is the time for water and wastewater operators to proactively evaluate their facilities’ cybersecurity and address vulnerabilities before they become gateways for cybercriminals.”