Public utility systems are now connected to the Internet for easy monitoring. Which means, hackers can turn off water to an entire city. Malware can cause a blackout for an entire country. Imagine a nation without any gas. Water, power, gas, traffic systems, dams are all at risk of unauthorized access in today’s networked world.
U.S Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) an Incident Response Activity report, which states that, a ‘sophisticated threat actor accessed the control system server’. Apparently, the device was directly connected to the Internet and was not protected by a firewall or authentication access controls. This is truly alarming.
Here is a summary of vulnerabilities detected on public utility industrial control systems in 2013 as described in the report:
Authentication – 33%
Denial of Service – 14%
Protocol Vulnerability – 7%
Remote Code Execution – 3%
SQL Injection – 3%
Public utility systems – especially the ones connected to the Internet – must be protected from malware and intrusion. Failure to do so will affect millions with disastrous consequences.
Here’s how public utility systems can be protected:
- Use a Cloud-based security solution where the management console is hosted on the Cloud. This provides additional security since the console is secure and is always isolated from the physical network of managed computers.
- Install an Anti-Virus with an Intrusion Detection System on the public utility server.
- Use a System Restore solution. Any malware is removed upon reboot. Make sure the solution is supported on Server operating systems as well.
- Use a Whitelisting solution that allows only authorized executables to run.
ICS-CERT also published a document that details the recommended practice for securing industrial control systems. The document ‘Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies’ highlights the importance of Intrusion Detection Systems for securing industrial control systems.
Are your public utility systems protected? Evaluate the security needs for your public utility systems and implement security strategies before it’s too late!