[BreachExchange] Cyber Attack Haunts a Public Water Supply System. Again!

Destry Winant destry at riskbasedsecurity.com
Tue Apr 27 10:35:21 EDT 2021


https://securityboulevard.com/2021/04/cyber-attack-haunts-a-public-water-supply-system-again/

In my previous blog, I described how and why it is important for critical
agencies to ensure that they are secure from the cyber threats lurking
around. If you have not read that blog, I strongly suggest you do, because
another cyber attack has taken place in which a malicious actor has
targeted critical infrastructure, and this time it is the Ellsworth Water
Plant in Kansas.

It is worth mentioning that this is not the first time cyber criminals have
targeted a water supply system. A similar incident occurred when cyber
criminals tried to poison a water plant in Florida, USA.

Cyber Attack on Water Treatment Plant in Ellsworth (Kansas)
A former worker of a water treatment plant in Ellsworth, Kansas (USA)
remotely accessed a Post Rock Water District computer system to shut down
the cleaning and disinfecting processes. Notably, shutting down the water
cleaning and disinfection processes leaves the water contaminated with
unwanted chemicals and biological agents. Such cyber attacks on water
utilities can seriously damage public health at an unimaginable level.

This Has a Background
In 2018, the US Department of Homeland Security (DHS) and the FBI came out
with a warning that the Russian government was specifically targeting
critical infrastructure in the US, especially the water supply system. The
US government decided to form the Cybersecurity and Infrastructure Security
Agency (CISA) in the same year to protect critical infrastructure from
cyber threats.

In line with the efforts to deal with the cyber security challenges facing
the US, the Biden administration has also announced that it is launching an
‘urgent initiative’ to improve cyber security in the country. This also
includes a proposal to increase CISA’s budget by 30% as part of the
COVID-19 relief package.

Improving the Cyber Security Outlook of Critical Agencies
An article published by Duo mentioned that, in the cyber attack on the
water treatment plant in Florida, the computers connected to the control
systems used the outdated Windows 7 operating system. Moreover, all the
computers used the same password for remote access and lacked firewall
protection.

However, the cyber attack on Ellsworth’s water plant was different. The
former worker, the perpetrator in this case, used to access the computers
for plant monitoring purposes. At the time of his departure, his access
credentials were not revoked. This is where the plant authorities committed
a blunder.
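
Both failures described above (credentials left active after a worker's
departure, and one remote-access login shared by everyone) can be caught by
a routine account audit. The script below is an added example, not part of
the original article; the export format, user names and dates are
constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from either incident): HR separation dates
# and an export of accounts from a hypothetical remote-access gateway.
DEPARTURES = {"jdoe": date(2021, 1, 15), "bkhan": date(2021, 2, 1),
              "asmith": date(2020, 6, 30)}
ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "last_login": date(2021, 3, 10)},
    {"user": "bkhan", "enabled": True, "last_login": date(2021, 1, 30)},
    {"user": "asmith", "enabled": False, "last_login": date(2020, 6, 29)},
    {"user": "mlee", "enabled": True, "last_login": date(2021, 4, 20)},
    {"user": "operator", "enabled": True, "last_login": date(2021, 4, 26)},
]
# Logins used by several people: they survive any one person's departure.
SHARED = {"operator"}


def audit_offboarding(accounts, departures, shared=frozenset()):
    """Return (user, finding, days_after_departure) for risky accounts."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if not acct["enabled"]:
            continue  # disabled accounts cannot be used to log in
        if user in shared:
            # Cannot be tied to one person, so it cannot be offboarded.
            findings.append((user, "shared-account", None))
            continue
        left = departures.get(user)
        if left is None:
            continue  # current employee
        if acct["last_login"] > left:
            # Login recorded after the separation date: investigate first.
            days = (acct["last_login"] - left).days
            findings.append((user, "used-after-departure", days))
        else:
            findings.append((user, "still-enabled", None))
    return findings


if __name__ == "__main__":
    for finding in audit_offboarding(ACCOUNTS, DEPARTURES, SHARED):
        print(finding)
```
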

These two cases present us with lessons to be learned. However, other than
this, there are some cyber security best practices that can help in
avoiding mishaps. Some of them are mentioned below:

1. Awareness
Cyber security awareness should be the foundation of an organization’s
cyber security policies. In this regard, every enterprise, small or big,
should opt for security awareness tools for generating and improving the
overall cyber security awareness in their organization.
ThreatCop is one such cyber security awareness tool that uses simulation
and awareness content for educating the employees of an organization about
cyber security. This tool can help you reduce the cyber security risks
originating from employee negligence in your organization by up to 90%.

2. Strong Password Policy in the Organization
Organizations should encourage the use of strong passwords to protect their
control systems and information from unauthorized access. Employees should
be told to create strong passwords that combine upper and lower case
letters, numbers, and symbols. Moreover, it is mandatory to make them aware
of the need for a unique, different password for each account or file.

3. Use Multi-Factor Authentication (MFA)
Using MFA is an added protection for your access credentials. It adds an
extra layer of protection for your data, even if you have mistakenly given
away your credentials on a fake landing page or in an email. SMS/Email
Token Authentication can be used for this purpose.

4. Conducting Vulnerability Assessment and Penetration Testing (VAPT)
It is essential for organizations to know and patch their cyber security
vulnerabilities, and conducting VAPT is the best way to find the gaps in
the cyber security infrastructure of your organization.

5. Using Phishing Incident Response Tool
As emails have become one of the most used media for sending malicious
content, organizations should consider using Phishing Incident Response
Tools such as Threat Alert Button (TAB). This tool helps in the early
detection and removal of phishing emails from the inbox of employees.

Conclusion
As the world becomes more digital, cyber attackers are waiting for an
opportunity to pounce upon us. Therefore, it is now more important than
ever for enterprises to take steps to chart out a holistic cyber security
policy.

According to you, what role does cyber security awareness play in the
overall threat posture of the organization?