by James Laughlin, Managing Editor
Automation technology is spreading through the water industry as companies and utilities strive for increased efficiency and improved treatment processes. Industrial control systems monitor and control everything from pumps that move the water to chemical dosing systems that provide disinfection. While they can be great time and money savers, automated systems can also be a point of vulnerability.
I read an interesting white paper recently released by Trend Micro discussing the danger hackers pose for critical infrastructure. As a test, security researcher Kyle Wilhoit connected two dummy industrial control systems (ICS) and one real one to the Internet to see if they would be attacked and how long it would take.
It took about 18 hours.
Wilhoit used what he called a "honeypot" architecture that emulated several types of ICS/SCADA devices that are commonly used in the industry. They included a mix of high- and low-interaction devices and were designed to mimic the setup of a water pressure station in a small town in rural America. The honeypots included an array of common vulnerabilities and misconfigurations often found in process control software and hardware.
In the course of 28 days, the three devices were attacked a total of 39 times, with about 35 percent of the attacks coming from China; 19 percent were from the U.S. Twelve were unique attacks and could be classified as "targeted," while 13 were repeated by several of the same actors over a period of several days. Attackers often appeared to use automated tools that search out industrial systems on the Internet. When the hackers identify a site that might be vulnerable, they move in to probe the site and manipulate devices if possible.
The attacks included modifying settings to change water pressure and stop the flow on a water pump. Because the attacks made use of techniques specific to industrial control systems, Wilhoit believes they were carried out by people intent on finding and either controlling or disrupting such systems. Some of the attacks involved sending emails to the administrator address Wilhoit made available. Attachments to those emails hid previously unknown malicious software designed to take over a commonly used controller for industrial control systems.
The Trend Micro paper offers a variety of recommendations to help secure those vulnerable systems. The first step is to simply understand that the systems ARE vulnerable and why. Simple steps include disabling Internet access to key resources, if possible, and requiring username/password combinations for all systems.
In this age where seemingly everything is connected to the Internet, security of control systems is paramount. You might think that no one would have reason to hack into your control system but, truth be told, they don't need a reason. Many hackers are just out to cause chaos and are always happy to find vulnerable systems.
Of course, others might have more sinister reasons. I can certainly envision the day when cyber warfare becomes a reality. What better way to overcome an enemy state than by crippling their infrastructure and industry?
You can find a copy of the Trend Micro paper, "Who's Really Attacking Your ICS Devices?", here: http://blog.trendmicro.com/trendlabs-security-intelligence/whos-really-attacking-your-ics-devices.