June 1, 2023
Recently, a ransomware gang broke into a water company. Critical infrastructure providers need to learn from this to avoid what could be disastrous results.

Cyber attacks don’t just have effects in the virtual world. They can also cause problems in the real world for everyone, as a recent incident that seems to have been a near miss showed. South Staffordshire Water, which provides drinking water to more than 1.6 million people in the UK, was hit by what it called a “criminal cyber attack” that messed up its IT networks.

The Clop ransomware group said they had access to industrial systems that control chemicals in the water. However, South Staffordshire Water said this wasn’t true, and the government said there was no effect on the company’s ability to provide safe drinking water.

Clop also said that, even though they were able to get into the network, they didn’t encrypt any data because they “do not attack critical infrastructure.” Still, the hackers said they stole more than 5TB of data and tried to get a ransom in exchange for not giving it back.

Still, the attack raises a scary question: What would have happened if cybercriminals had been able to break into the networks that control water supplies? First of all, this is happening at a very bad time. After months of heatwaves, drought has been declared in many parts of the UK, and cutting off the water supply could have made things much worse.

Then there’s the question of what might have happened if cybercriminals had really been able to change the chemical balance of the water. In this case, it’s not clear if they would have had the power to do so, but hackers have already shown that they can do this kind of cyber attack.

One famous example of this happened last year at a water treatment plant in Florida, where an unknown hacker was able to change the levels of chemicals in the water supply so that it would have been poisonous to drink. The problem was caught before any contaminated water left the plant, which is a good thing because the results could have been very bad.

Cybercriminals know that critical infrastructure is often vulnerable to attacks, and they know how to attack it. Just look at the Colonial Pipeline ransomware attack from last year, which caused people to rush to gas stations and try to hoard fuel for themselves. This is another example of how a cyber attack can affect what people do in the real world.

Some of these networks are decades old and use old operating systems that can’t get security updates anymore. This makes them easy targets for hackers. Also, more and more Internet of Things devices and sensors are being connected to these networks, which can also leave them open to attacks.

Pipelines, power grids, water supplies, transportation, and even hospitals are all important parts of critical infrastructure that keep everything running. This makes them all attractive targets for hackers, whether they are ransomware groups looking to make money or hacking groups backed by a country that want to cause trouble.

The National Cyber Security Centre (NCSC) says we can make these threats less likely and less harmful by protecting our networks and thinking carefully about how they are technically set up and who has access to them. It warns that an attack could have a “major negative impact on the availability, delivery, or integrity of essential services, leading to severe economic or social consequences or even loss of life.”

Many of the security measures needed to protect networks and people from the potentially large effects of attacks are the most common and often the simplest ones.

Among these are making sure that networks aren’t protected with default or easy-to-guess passwords and that multi-factor authentication (MFA) is used, especially on critical systems. Taking steps like this can help protect critical infrastructure and other groups from most attacks.

Cybersecurity can get harder for critical infrastructure, especially when it comes to older systems. This is why it’s important for the people in charge to know their own network, what’s connected to it, and who has access to it. With that knowledge, access to the network can be limited to the people who need it, when they need it.

In some cases, that might mean making sure that older systems aren’t connected to the outside internet at all, but are instead on a separate, air-gapped network, preferably offline. It might make some tasks harder to handle, but it’s better than what could happen if a network is broken into.
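The three controls the article describes (no default or weak passwords, MFA on critical systems, and keeping legacy and OT systems off the internet) only work if you know what is on the network. The script below is an added example, not code from the article or from any of the organisations it names: it runs those checks over a constructed asset inventory and ranks each asset so that an internet-exposed, end-of-life controller lands at the top of the remediation list. The inventory format, the default-password list and the severity rules are all assumptions made for the example.

```python
"""Inventory-driven check of the basic controls the article recommends.

Added example (not from the article). Assumes a simple in-memory inventory;
a real audit would read from an asset-management system and test credentials
against a hashed store rather than holding plaintext passwords.
"""
from dataclasses import dataclass

# Constructed list of vendor-default and trivially guessable passwords.
DEFAULT_PASSWORDS = {"", "admin", "password", "1234", "12345", "123456", "default"}
MIN_PASSWORD_LEN = 12  # assumed organisational policy

# Rules that on their own make an asset a top-priority fix.
HIGH_SEVERITY_FINDINGS = {"eol-system-internet-exposed", "ot-asset-internet-exposed"}


@dataclass
class Asset:
    name: str
    zone: str            # "IT", "OT" (industrial control) or "DMZ"
    critical: bool       # operator-designated critical system
    os: str
    os_supported: bool   # False: vendor no longer ships security updates
    internet_exposed: bool
    mfa_enabled: bool
    password: str        # constructed sample value for the check below


def password_is_weak(password: str) -> bool:
    """Default, empty or shorter than the assumed policy minimum."""
    return password.lower() in DEFAULT_PASSWORDS or len(password) < MIN_PASSWORD_LEN


def check_asset(asset: Asset) -> list[str]:
    """Return the list of control failures for one asset, in a fixed order."""
    findings = []
    if password_is_weak(asset.password):
        findings.append("default-or-weak-password")
    if asset.critical and not asset.mfa_enabled:
        findings.append("mfa-missing-on-critical")
    if not asset.os_supported and asset.internet_exposed:
        findings.append("eol-system-internet-exposed")
    if asset.zone == "OT" and asset.internet_exposed:
        findings.append("ot-asset-internet-exposed")
    return findings


def severity(findings: list[str]) -> str:
    """Collapse findings to a single priority label."""
    if any(f in HIGH_SEVERITY_FINDINGS for f in findings):
        return "high"
    return "medium" if findings else "ok"


def audit(inventory: list[Asset]) -> dict[str, dict]:
    """Audit every asset and return results ordered high -> medium -> ok."""
    rank = {"high": 0, "medium": 1, "ok": 2}
    results = {}
    for asset in inventory:
        findings = check_asset(asset)
        results[asset.name] = {"severity": severity(findings), "findings": findings}
    return dict(sorted(results.items(), key=lambda kv: rank[kv[1]["severity"]]))


# Constructed sample inventory (names, versions and passwords are invented).
INVENTORY = [
    Asset("plc-chlorine-dosing-01", "OT", True, "Windows XP Embedded", False, True, False, "admin"),
    Asset("hmi-plant-02", "OT", True, "Windows 10 LTSC", True, False, True, "Plant-HMI-Corr3ct-Horse"),
    Asset("billing-web-01", "IT", False, "Ubuntu 22.04", True, True, False, "Summer2023!"),
    Asset("historian-03", "OT", True, "Windows 7", False, False, False, "Hist0rian-Long-Passphrase"),
]

if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        print(f"{result['severity']:6s} {name}: {', '.join(result['findings']) or 'no findings'}")
```

The ordering matters more than the individual rules: the dosing controller fails every check and is flagged "high" because it is both end-of-life and reachable from the internet, which is exactly the combination the article says should be moved onto a separate, ideally air-gapped, network first. The billing server only has a weak password and sorts below it, even though it is also internet-facing, because it is supported and not an OT asset.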

Cybercriminals are going after more and more important infrastructure, as shown by the South Staffordshire Water attack and the Florida water incident. Action needs to be taken as soon as possible to avoid problems that could be bad not only for organisations but also for people.
