Are our infrastructures secure?
As we progress through the 21st century and technology advances at an unprecedented rate, we must be aware of the downsides that come along with it. Cybersecurity is the practice of protecting interconnected networks and the devices attached to them from outside exploitation. Within that purview we need to ask whether dams, power plants, and water plants are well protected. Infrastructures this massive can destroy or wipe out cities if control of them is lost; are they secure?
Power plant networks are under constant threat from attackers all over the world. An attacker's ultimate goal is to breach the perimeter, pass the external and internal firewalls, and reach the infrastructure's critical controls. Ultimately this gives the attacker control of the whole system, which in the worst case can be exploited at will. Social engineering and phishing are widely used to obtain the credentials that unlock protected data and files. The deeper an attacker penetrates the internal network, the greater the destructive power available and the greater the damage that can be done. When the facilities at stake are as massive and crucial as power plants and water plants, one must ensure the system is protected and able to discern threats; one way of doing this is limiting administrative privileges at every level of the hierarchy, so that a single compromised account cannot reach everything. All employees' access to the facility's systems should be logged and monitored to ensure there is no internal leakage or breach, and a centralized monitoring and security department should enforce strict adherence to the rules, so that internal surveillance of IT systems is of the highest level possible.
Phishing has become a great threat and a common weapon of attackers. Stolen usernames and passwords allow attackers to access the facility from remote locations. For a power plant, water plant, or dam, such access can be as serious as control of the whole supply, of the power linkages, or of the entire operation of a dam, which can be detrimental to the safety of the whole area. It also gives the attacker access to the facility's financial and protected data, a major breach of a country's security. Financial and critical operational data should be backed up frequently and encrypted at the highest level possible, and the backups should be kept out of reach of the same credentials that run production, so that a compromised account cannot destroy them as well. Many power plants and water storage facilities lack dedicated IT staff to repel cyber-attacks and contain a breach before it spreads. Every facility of this nature needs a dedicated department working to ensure such events do not occur and ready to respond as quickly as possible when they do.
Do you have the right staff and tools available?
Most power plants around the globe use VPNs, that is virtual private network connections, for remote start-up and maintenance operations of the plant. A VPN moves a critical control path onto the internet connection, so an attacker who obtains VPN credentials (through phishing, for instance) gains access to the plant's controls, which ultimately means the ability to start and stop whole operations of the generation facility. A breach at this level can be catastrophic for any country. Security updates and constant re-evaluation of the systems and internal controls must be kept in place to mitigate such risks. A technical team must be available at all times to respond to such attacks and to misuse of the systems. Critical patches, as well as alternative entry routes into the network, must be identified beforehand so that a problem is dealt with as effectively and efficiently as possible.
More common methods coming to light with recent attacks on power facilities include gaining access to confidential information by sending emails from compromised accounts, whereby the receiver, trusting the sender, provides crucial information. This method, known as spear phishing, makes the email appear to come from a known sender, which lures the receiver into opening it even though it was actually sent from the attacker's remote location. The attackers have also altered websites, particularly those of the energy sector with the most users accessing them (a watering-hole attack), to harvest logins and passwords to these sites, enabling them to breach the system for confidential reports and information crucial to the facility's security. After gaining valid logins, the attackers set up local administrator accounts, giving themselves the rights to install programs on the system, and hid their tracks using methods that left no trace of what had been breached.
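The last step in that pattern, a fresh account that is immediately made a local administrator, leaves two Windows Security events that a defender can correlate. The following is an added example, not code from the original article: it runs that correlation over constructed log records. The event IDs (4720, account created; 4732, member added to a security-enabled local group) and the well-known SID of the built-in Administrators group (S-1-5-32-544) are real; the record layout, field names, host names and the sample records are assumptions made for the demo.

```python
"""Flag accounts that are created and then added to the local Administrators
group within a short window.

Added example, not code from the original article. Event IDs and the
Administrators SID are the real Windows values; the record format and the
sample events below are constructed for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"          # well-known SID of BUILTIN\Administrators
EVENT_ACCOUNT_CREATED = 4720         # "A user account was created"
EVENT_ADDED_TO_LOCAL_GROUP = 4732    # "A member was added to a security-enabled local group"

# Constructed sample records (not real logs). 'target' is the account acted on,
# 'actor' is the account that performed the change.
SAMPLE_EVENTS = [
    {"time": "2019-03-01T02:11:05", "id": 4720, "host": "HMI-01", "actor": "svc_backup", "target": "wsupdate"},
    {"time": "2019-03-01T02:11:09", "id": 4732, "host": "HMI-01", "actor": "svc_backup", "target": "wsupdate",
     "group_sid": "S-1-5-32-544"},
    {"time": "2019-03-01T09:30:00", "id": 4720, "host": "ENG-07", "actor": "it.admin", "target": "j.smith"},
    {"time": "2019-03-02T10:00:00", "id": 4732, "host": "ENG-07", "actor": "it.admin", "target": "j.smith",
     "group_sid": "S-1-5-32-545"},   # BUILTIN\Users, not Administrators
    {"time": "2019-03-01T12:00:00", "id": 4732, "host": "ENG-07", "actor": "it.admin", "target": "svc_old",
     "group_sid": "S-1-5-32-544"},   # pre-existing account, no 4720 in the window
]


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def find_new_local_admins(events, window=timedelta(hours=1)):
    """Return (host, account, actor, created_at, elevated_at) for every account
    that was created and then added to Administrators within `window`."""
    created = defaultdict(list)      # (host, account) -> creation times seen so far
    hits = []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        when = parse_time(ev["time"])
        key = (ev["host"], ev["target"].lower())
        if ev["id"] == EVENT_ACCOUNT_CREATED:
            created[key].append(when)
        elif ev["id"] == EVENT_ADDED_TO_LOCAL_GROUP and ev.get("group_sid") == ADMINS_SID:
            # Only pair with a creation that happened before, and recently enough.
            for created_at in created.get(key, []):
                if timedelta(0) <= when - created_at <= window:
                    hits.append((ev["host"], ev["target"], ev["actor"], created_at, when))
                    break
    return hits


if __name__ == "__main__":
    for host, account, actor, created_at, elevated_at in find_new_local_admins(SAMPLE_EVENTS):
        print(f"{host}: {actor} created {account} at {created_at} and made it admin at {elevated_at}")
```

Only the `wsupdate` account on `HMI-01` is reported: the `j.smith` account went into the Users group, and `svc_old` was elevated without a matching creation event. In production the same logic would read the events from a SIEM or from `Get-WinEvent`, and the time window and the list of actors allowed to create admins would be tuned to the site.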
Once an attacker has access to the facility's internal systems and controls, they can control how power generation takes place and the linkage to the national grid. In the case of a hydro facility this means control of the spillways and water channels, a serious concern, since a single such attack can cause a catastrophe. The access also lets the attacker cause a complete blackout by blocking the energy linkages and the power being sent out from the facility, and it exposes all of the crucial information: financial, operational and security profiles alike. Power generation is the backbone of any economy, and even a brief unplanned shutdown causes panic and cascading problems for other industries and the economy as a whole. Attackers whose objective is destruction gain from remote access the added benefit of operating from a distance and in disguise while causing heavy damage.
Is your internal company information out there?
In many instances the attackers have also been observed monitoring the information transmitted through major power plants and power facilities, giving them insight into operational activities and processes that are strictly confidential when it comes to the supply of power and the linkage of major cities and facilities countrywide. Social engineering and remote access to such facilities are patterns that have been present in cybercrime for a long time. The attackers use remote logins to install packages that let them continuously receive information and feedback through a communication channel they set up using the permissions they have gained on the system; such a channel typically calls out from the compromised host to the attacker's server at regular intervals, which is one of the few signals a defender can look for.
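The regularity of that call-home channel is detectable from ordinary connection logs. As an added example, not code from the original article, the block below groups constructed outbound connection records by flow and flags flows whose inter-connection intervals are nearly constant. The record layout, host names, addresses and the thresholds are assumptions for the demo, not a standard.

```python
"""Spot a periodic outbound channel in connection logs.

Added example, not code from the original article. Input is a constructed
list of (unix_time, source_host, destination, port) records; the field
layout and the thresholds are assumptions for the demo.
"""
import statistics
from collections import defaultdict

# Constructed sample: eng-ws-04 calls 203.0.113.10:443 every ~300 s with a
# few seconds of jitter (an implant on a timer); eng-ws-09 browses irregularly.
SAMPLE_CONNECTIONS = (
    [(1_000_000 + 300 * i + (i % 3), "eng-ws-04", "203.0.113.10", 443) for i in range(12)]
    + [(1_000_000 + t, "eng-ws-09", "198.51.100.7", 443)
       for t in (5, 9, 400, 404, 1300, 1302, 1303, 2900, 2904, 3100, 3111, 3600)]
)


def find_beacons(connections, min_count=8, max_cv=0.2):
    """Return (flow, mean_interval, cv) for flows whose intervals are
    suspiciously regular.

    cv is the coefficient of variation (population stdev / mean) of the gaps
    between consecutive connections: human-driven traffic is bursty (high cv),
    a timer-driven implant is regular (low cv). Flows with fewer than
    `min_count` connections are ignored because the statistic is meaningless
    on a handful of samples.
    """
    flows = defaultdict(list)
    for ts, src, dst, port in connections:
        flows[(src, dst, port)].append(ts)

    suspicious = []
    for flow, times in flows.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            suspicious.append((flow, round(mean, 1), round(cv, 3)))
    return suspicious


if __name__ == "__main__":
    for (src, dst, port), mean, cv in find_beacons(SAMPLE_CONNECTIONS):
        print(f"{src} -> {dst}:{port} every ~{mean}s (cv={cv})")
```

Only the `eng-ws-04` flow is reported. Legitimate software also beacons (NTP, update checks, monitoring agents), so this is a triage signal rather than a verdict: known destinations are allowlisted, and the remaining hits are checked against the process that opened the connection.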
When it comes to the national security of facilities such as power generation and water supplies, to effectively counter threats and attacks one must devise a complete internal control system able to detect, repel and respond to such situations. The facilities should make sure the organizational hierarchy has layers of authentication and verification, with each person and department subject to two-person authorization: a security-level command or release of information must be approved and verified by a second department. A dedicated security task force must always be in place, equipped to counter and repel attacks at any time as effectively as possible. All IT infrastructure must be kept current with security updates. Passwords should be long and complex, unique to each system, and changed at once whenever compromise is suspected, and all encryption must be in place to counter any breach of the facility's critical information. Logins must require two-factor authentication: any authorized person accessing an account must, in addition to a password, enter a one-time code generated by a token or authenticator app. All communication channels, whether email or other exchange of information, must run over dedicated secured private lines to avoid any leakage of information. Power facilities, be they wind farms, hydro-electric plants or dams, must be kept under constant central surveillance by a control system established to monitor transmission as well as routine operations and to flag any anomalies in time, before a major attack or breach occurs.
The central administration can be linked to all facilities in a given region to counter such leakage of information and to observe operations actively, greatly reducing the chances of attackers gaining access to the system unnoticed.
As we advance into this era of technology, we must anticipate the problems that come along with it, to make sure every possible attack and breach affecting national security is dealt with strictly and as effectively as possible.
Sjir has over 15 years of experience in information technology, having held various positions at companies such as Blizzard Entertainment, TV4, and Basefarm. He now holds multiple security, cloud, and IT certifications and currently works as an information security engineer.