Spotlight


Building greater cyber resilience in hydropower infrastructure


Martin Riley, Director of Managed Security Services at Bridewell Consulting, explains why it’s time to shift to an integrated approach to cyber security based on effective threat detection and response.


As a leading source of renewable energy across the world and a vital part of the nation’s critical infrastructure, hydroelectric facilities must be kept secure: their integrity and security are of paramount importance. Regrettably, however, the past year has seen a vast number of cyber attacks on critical national infrastructure (CNI) globally.


In February, hackers remotely accessed the Oldsmar water treatment system [1] in Florida, temporarily changing the plant’s sodium hydroxide setting to a dangerous level. Meanwhile, Queensland’s largest regional water supplier, Sunwater, was targeted by criminals in a cyber security breach [2] that went undetected for nine months. Each attack had a different motive and threat vector, which only emphasises why CNI organisations, such as water companies, need to be hypervigilant to a wide range of cyber threats.


Critical national infrastructure will always be a prime target for nation state cyber attacks: its economic importance and interconnectivity ensure that any breach will cause maximum damage and disruption to daily life. However, preventing such crimes is almost impossible due to the arsenal of funds available to bad actors. To strengthen their cyber defences in an evolving threat landscape, hydroelectric operators and developers must shift their focus from outright prevention to improving cyber posture and resilience.


Hydropower: a prime target

According to Bridewell Research [3], 86% of CNI organisations have detected cyber attacks on their operational technology (OT) and industrial control systems (ICS) in the last 12 months, with the water and transport sectors experiencing the most successful attacks. In many cases, ageing infrastructure has magnified vulnerability to attack: over three quarters (79%) of organisations’ main OT systems are over five years old and a third over 10 years old. At the same time, attack surfaces are increasingly vast, with most organisations making OT systems accessible remotely and over the internet. Hydropower plants are particularly vulnerable to attack due to their reliance on supervisory control and data acquisition (SCADA) systems – an electromechanical system in which software can be used to control vast, physical objects. Traditionally, organisations have managed SCADA systems on their own closed private networks; however, the recent move towards remote working has forced organisations to connect these systems with wider IT infrastructure and the internet. As a result, companies that fail to take proper security precautions when making such connections, or have weaker IT and OT segregation and no additional controls or visibility, unwittingly allow nefarious actors to cause large-scale outages or costly physical damage with just a few lines of code.

8 | March 2022 | www.waterpowermagazine.com


What are the risks?

In addition to the evolving risks posed by ageing and increasingly connected infrastructure, hydropower faces an array of complex cyber threats. Ransomware has evolved from being a malware issue to a highly sophisticated and profitable human endeavour, meaning organisations are now at risk from skilled operators with high levels of offensive security knowledge. Harnessing the power of automation and wormable ransomware, such as WannaCrypt and NotPetya, cyber criminals can gain access to an organisation, meticulously survey the environment, and then launch a large-scale attack on data and systems.


In 2019, Norsk Hydro ASA, a major aluminium and hydropower producer, was stricken by an extensive ransomware attack [4] that forced its entire global network offline and inflicted tens of millions of pounds in damage. LockerGoga, the ransomware in question, had only been established two months before the attack, helping it to easily evade traditional security solutions and swiftly take hold. The increasing severity of recent intrusions – coupled with the criticality of water infrastructure – highlights the growing need for organisations to fully integrate cyber security into their risk assessment and mitigation programmes.

Beyond the threat of ransomware, companies face risks from vulnerabilities in the supply chain which could provide a foothold into hydropower infrastructure, allowing criminals to compromise large sections of an organisation. As they can only protect what is in their control, organisations are realising the need to review their own cyber posture and build cyber resilience.


Shifting from reactive to proactive

The security model in CNI usually leverages the Purdue model, which is more secure than most organisations, but is being eroded by remote working

