2 min read

Cyber attacks on Critical Infrastructure: No Surprise There - Part 1

Ayyeka Prevents Cyber attacks on Critical Infrastructure

Utilities have been vulnerable for years. The only surprise is how long it took hackers to discover its lucrative value.

The Colonial Pipeline cyber attacks on critical infrastructure revealed to the world just how vulnerable we are to hackers. One breach in an energy company’s network caused shortages and raised gas prices throughout the United States.

Ayyeka Cybersecurity And digitization

To those of us developing digital solutions for critical utilities, the cyberattack was not a surprise. We know that utilities are hacked daily. With no reporting requirements, ransomware is typically paid discreetly and the cost is quietly passed down to the consumer.

Utilities providing critical services, such as energy, water, and wastewater, rely on the synergy between operational technology tools (OT) and informational technology software (IT) in order to maintain quality service. Unfortunately, many of these digital tools practically invite hackers in with a complete lack of cybersecurity procedures and practices.

The Many Possible Attack Sites Available to a Hacker

Why?

Infrastructure is in crisis. The triple threat of aging infrastructure, operational stress caused by growing populations or extreme weather, and increased regulatory compliance reporting challenges the daily operation of critical utilities. Pipes, transmission lines, bridges, and roads struggle to supply daily needs. Whatever budget exists is spent on improving services. (See the ASCE 2021 Infrastructure Report Card for more dismal details.)

Digital tools are the most effective and cost-efficient way to boost the operational abilities of crumbling, critical infrastructure. Wherever adopted, digitization brings resilience and efficiency to aging utilities. Unfortunately, cybersecurity gaps between operational technology and informational technology leave utilities vulnerable to cyberattacks.

The OT — IT Disconnect

Today’s digital transformation of critical infrastructure is happening in two, separate realms. Operational technology (OT) tools drastically improve existing automation processes and present new ways to work more efficiently. Informational technology (IT) includes the gamut of software tools applied to the operational system.

The Industrial Internet of Things is a powerful tool in bringing resilience to critical infrastructure. It is also where OT and IT meet. A physical device, hardware, is deployed in the field to create data. The data created by this operational technology is transferred to informational technology, and software platforms, for analysis. When IT tools run algorithms and machine learning to the data provided by OT, actionable insights bring a new level of operational efficiency to the utility.

However, this sophisticated tool runs on two separate technologies. Many times, the technologies are provided by different sources. The cybersecurity measures in each separate technology never fully overlap, leaving holes for hackers to exploit.

Necessary Cybersecurity Measures to be Implemented

What Now?

All a hacker needs for a successful cyber attack is one vulnerability. One opportunity eventually grants the hacker complete access to the system. The complex digital tools used by critical infrastructure have plenty of vulnerabilities for hackers to manipulate.

Cybersecurity must be integrated into the holistic architecture of digital solutions, and constantly updated to remain effective against the newest threats and vulnerabilities.

Utilities will not dedicate scarce resources to cybersecurity unless forced to do so. The public must pressure legislators at every level to institute binding cybersecurity protocols for all infrastructure providing critical services.

The gold standard of TLS v1.3 is a defined and actionable set of cybersecurity protocols. No solution used by critical public utilities that involve data communication should operate without it.

The Colonial Pipeline attack brought cyberattacks on critical infrastructure into the spotlight. Now is the time to demand a responsible approach to cybersecurity. Any network is only as secure as its weakest asset.

Cyberattacks could happen to anyone. They will happen to the least protected. Our infrastructure is too important to be the least protected.

Learn more about cybersecurity and continue to the Second Part of this article.

Where will the next generation of water professionals come from?

1 min read

The silver tsunami is sinking the water industry

The silver tsunami is upon us. A huge wave of baby boomers are now hitting retirement age and leaving the workforce. This mass exodus of experienced...

Read More
Guess what the next step is to improve your water network

1 min read

Guess How You Can Update Your Water Network. It's All About Data

Water is the basis of life, and environmental concerns are forcing government entities to rethink how they manage the public water supply. Floods,...

Read More
Climate adaptation rather than climate change is the new norm

1 min read

Changing the mindset about floods from management to adaptation

Extreme weather events are no longer a "freak of nature" or a "once in a hundred years storm" and happen with alarming regularity.

Read More