It is no secret that we live in an environment of increasing cyber threats from both state and non-state actors rapidly spreading to all public and private sectors. Given that, it is important to understand the cyber threats and mitigation measures as applied to Municipal SCADA Systems.
Adversaries from around the globe are motivated to access US municipal infrastructure for non-espionage purposes, with the goal of using dormant malicious threats as an offensive strategy to be used in war time. We have also seen attacks such as the SCADA system takeover at the Florida Water Utility where hackers used several techniques to infiltrate the network and access the SCADA computer to adjust lye-dosing to unsafe levels. If not detected as fast as it was, there would have been significant impact to the community. There is also the threat of Ransomware used to steal data and completely disable the computers and servers on the network as a profit-based business model.
In past posts we have commented on Security of Industrial Networks, which discusses industrial network segmentation, and Remote Access & Support, which discusses a strategy to protect SCADA from attacks when internet connectivity is required. But, what else can municipalities do to protect against these cyber threats? There are many resources available from government and private agencies to assist with preventing cybersecurity attacks, however, the information can be daunting. Not only that, often times there are simply not enough resources available to help strategize a prevention policy and recovery plan.
Industrial Systems works with our clients in a collaborative manner to help identify possible vulnerabilities and develop and implement cybersecurity plans, personnel training programs, disaster recovery plans and more. A typical project begins with an installation base assessment of the system, including computer(s), software, network design, and controls hardware. Workshops are then held to discuss vulnerabilities and prioritize around them. From this preparation work, we are able to deliver cybersecurity improvement plans. Once our clients’ needs are fully defined, we create and help implement cybersecurity policies as well as backup and disaster recovery plans.
If you are responsible for the cybersecurity of a municipal SCADA system, please reach out to us or the professionals of your choice to help make sure your system is as safe and secure as it can be.