Cyber-attacks on Public Utilities
Image taken from an article on https://www.calcalistech.com/


Most of us believe that cyber security is a matter of concern only for the BFSI and IT/ITES industries. Many fail to realize that public utilities and government infrastructure are also targets of cyber criminals and state-sponsored hackers.

It is possible for cyber criminals and hackers to cause widespread damage and even destabilize government operations in a given city or state through a well-coordinated attack. It can be as simple as a brute-force attack on utility infrastructure: hacking into poorly deployed IoT/IIoT devices or utility meters, then using those hacked devices as threat agents to bring down the target utility infrastructure by simply overwhelming the target system(s).


Look at the latest news update about cybercriminals targeting the Ram Mandir and Prasar Bharti sites. What I am trying to highlight here is that cyber-criminals think of many more ways to cause harm than we generally wish to believe.

(https://telecom.economictimes.indiatimes.com/news/cybercriminals-targeted-ram-mandir-prasar-bharti-sites/108252421)


We know that there is no silver-bullet solution when it comes to cyber security. One must be vigilant and always try (yes, TRY) to keep up with the hackers, who, unfortunately, are in most cases a little ahead of us in this game.

1. Investing in and deploying a carefully planned and architected cyber security framework is the first step to safeguard your infrastructure. It is not always possible to protect every component of an enterprise under the unified umbrella of a single cyber security solution; therefore, one may choose to prioritize the security of different sub-systems and then plan the execution accordingly.

2. Monitoring using the right tools and responding with the right skill sets is the second step.

3. As the third step, reporting and accepting the cyber incident is something that one must condition their organization for. We know that, for more than one reason, organizations are forced to deny the occurrence of a cyber breach; but at least accepting it internally and seeking help from professional solution providers to control the situation is the key to preventing further damage.

Coming back to Protecting Utility Infrastructures, here are some effective practices to provide Cybersecurity for Utilities:

  • Implement Threat Detection Systems

  1. Identify potential cyber risks and establish processes to mitigate them.
  2. Regularly monitor for anomalies and suspicious behaviour across the utility infrastructure.

  • Secure Physical Utility Infrastructure

  1. Protect critical assets (power generation plants, transmission networks, sub-stations, water reservoir controls, water treatment facilities and even STP sites).
  2. Implement access control systems, CCTV surveillance and deploy sensor-based perimeter security systems.

  • Perform Regular System Security Audits

  1. Assess vulnerabilities in your IT and operational technology (OT) systems.
  2. Work towards identifying and addressing those weaknesses promptly.

  • Train Your Staff on Security Protocols

  1. Educate employees about cybersecurity practices.
  2. Emphasize password hygiene, email security and incident reporting.

  • Implement Data Backups & Recovery Plans

  1. Regularly back up critical data, supported by a carefully planned archive policy.
  2. Develop robust disaster recovery (DR) and business continuity plans (BCP).

  • Improve Password Use & Management

  1. Prepare and enforce a strong password policy across the organization.
  2. Implement MFA (Multi-Factor Authentication).

  • Use a Security Framework as a Guide

  1. Establish and follow security frameworks for comprehensive security.
  2. Continuously assess and improve your Government Department’s / organization’s security posture.

Safeguarding utilities against cyberattacks requires a holistic approach, built on collaboration and on taking the time to perform monitoring, reporting and corrective actions.
Consider subscribing to SOC services from cyber security service providers, or invest in building a SOC of your own.

However, this won’t give you a 100% guarantee against cyber threats. There is still a high possibility of the utility infrastructure facing a cyber-attack.

Here are some common types of cyber threats faced by utility / Government departments:

  • Hacking

  1. Cybercriminals exploit vulnerabilities in public-facing applications, such as websites or databases.
  2. Hacking attempts aim to gain unauthorized access to systems, steal data or disrupt operations to cause disturbance and hamper governance.

  • Phishing

  1. Phishing attacks involve tricking users into revealing sensitive information (such as login credentials) through deceptive emails or messages.
  2. Utility/Department employees and customers may receive phishing emails that appear legitimate but contain malicious links or attachments.

  • Ransomware

  1. In a ransomware attack, malicious software may encrypt critical systems or data, rendering them inaccessible, bringing the entire department’s functions to a grinding halt and causing heavy revenue loss.
  2. Attackers demand a ransom in exchange for providing the decryption key.
  3. Ransomware can disrupt utility operations and impact services across city/state.

  • Denial-of-Service (DoS) / Distributed Denial-of-Service (DDoS) Attacks

  1. DoS/DDoS attacks flood a network or web server with false requests, overwhelming the system and making it unavailable to legitimate users.
  2. Utilities may face service disruptions due to DoS/DDoS attacks, causing far more disturbance for the citizens.

  • Remote Access Trojans

  1. Remote Access Trojans are malicious programs that can allow attackers to gain unauthorized access to a department’s computer systems or network infrastructure even when the branch offices are connected over MPLS.
  2. Attackers can then control compromised systems remotely, potentially affecting utility infrastructure / department’s functions and operations.

  • Spyware

  1. Spyware monitors user activity without their knowledge or consent.
  2. Utilities may unknowingly become targets of spyware, compromising sensitive user/consumer information, which could also result in political issues at times.

  • Insider Threats

  1. Insider threats involve malicious actions by employees, contractors or service-providing partner(s).
  2. One can’t ignore the possibility of disgruntled employees or contractors intentionally compromising utility systems.

  • DNS Tunnelling

  1. DNS tunnelling can exploit the Domain Name System (DNS) to bypass security controls.
  2. Attackers can use DNS requests to exfiltrate critical data or establish covert communication channels with your internal systems.

  • IoT/IIoT-Based Attacks

  1. Internet of Things (IoT) / Industrial Internet of Things (IIoT) devices in utilities (such as water sensors, smart water meters and smart electric meters) may have vulnerabilities.
  2. Attackers can exploit the weak security architecture used by IoT/IIoT devices to gain access to part of, or the entire, utility network.

  • Supply Chain Attacks

  1. Attackers can target third-party vendors or suppliers connected to utility systems / hosted applications.
  2. Compromised supply chain partners can introduce malware or vulnerabilities, which can then be exploited by hackers.

To mitigate these threats, utilities must prioritize cybersecurity as a function, define department-wise cyber-security frameworks, implement robust cyber-defense mechanisms and stay informed about emerging risks.
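As a concrete case of the anomaly monitoring recommended earlier, the following added example (not part of the original article) flags possible DNS tunnelling in a resolver query log by looking for clients that send many long, high-entropy subdomains to a single domain. The log entries, IP addresses, domains and thresholds are constructed assumptions and need tuning against real traffic.

```python
import math
from collections import Counter, defaultdict

# Constructed stand-in for base32-encoded data chunks (32 distinct symbols).
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"

# Constructed DNS query log (client IP, queried name); not real traffic.
SAMPLE_QUERIES = (
    [("10.0.5.23", ALPHABET[i:] + ALPHABET[:i] + ".example.org") for i in range(8)]
    + [("10.0.5.40", f"meter-{i:03d}.telemetry.example.net") for i in range(20)]
    + [("10.0.5.23", h + ".example.com") for h in ("www", "mail", "portal")]
)

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def find_tunnel_candidates(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Flag (client, domain) pairs with many long, high-entropy subdomains.

    Assumption: the registered domain is the last two labels; production
    code should use the Public Suffix List instead.
    """
    subs_seen = defaultdict(set)
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain part to carry data
        subs_seen[(client, ".".join(labels[-2:]))].add(".".join(labels[:-2]))

    findings = []
    for (client, domain), subs in subs_seen.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_entropy = sum(map(shannon_entropy, subs)) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_entropy >= min_entropy:
            findings.append({"client": client, "domain": domain,
                             "unique_subdomains": len(subs),
                             "avg_len": avg_len, "avg_entropy": avg_entropy})
    return findings

if __name__ == "__main__":
    for finding in find_tunnel_candidates(SAMPLE_QUERIES):
        print(finding)
```

The constructed meter telemetry names are numerous but short, so they are not flagged; only the client sending long encoded-looking labels is reported.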



Navdeep Singh

Patch & Vulnerability Management Platform | VP Business Development - SecOps Solution

9 months

Insightful article, cybersecurity is crucial for utilities. Thanks for sharing!

Mohit S.

Empowering Real Estate & Construction Industry with Buildesk| SaaS Product | Startup | Passion | Hiring Sales Profiles for Mumbai, Pune, NCR and Bangalore

1 year

Insightful

Sushen Sharma

Senior Manager - Liability, Specialty & Surety Lines || Visista Insurance Broking Services Pvt. Ltd | Ex Bajaj Allianz GIC (LIII)

1 year

Nice read.

Shashidhar Menon

Director at Security Warehouse India Pvt Ltd

1 year

As I always say Security in any form becomes costly only when breached!

Ishan Marwah

Strategy | Sales | Growth | Partnerships | Storytelling | Independent Consultant | Solution selling | Consulting

1 year

Nice read Milind Pagar and agree on every point of it.
