
Enhancing Water and Wastewater Treatment Cybersecurity Against Nation-State APT Threats

Richard Robinson, CEO, Cynalytica Inc.
August 15, 2024


As threats to critical infrastructure grow, the importance of Wastewater Cybersecurity cannot be overstated.

The Growing Threat from Nation-State APTs

Nation-state APT groups, such as the Iranian Cyber Av3ngers, are increasingly targeting the Industrial Control Systems (ICS) integral to water and wastewater treatment facilities. These groups have the capability to compromise and manipulate key components such as Programmable Logic Controllers (PLCs), Human Machine Interfaces (HMIs), and Engineering Workstations.

Serial and Analog (Non-IP) communications, often referred to as “Legacy”, remain essential at the field device level in ICS, and this is a critical area of vulnerability that traditional cybersecurity approaches often underestimate. These communication methods are fundamental to the operation of many industrial processes, yet they require specialized security strategies to address the unique risks they present if the protection and reliability of critical infrastructure are to be ensured.

Recent years have seen a surge in cyber-attacks targeting ICS, with nation-state APT groups leading the charge. These adversaries possess the resources and expertise to execute prolonged and stealthy campaigns aimed at disrupting or controlling water and wastewater treatment operations. The potential for such attacks to disrupt water supply, compromise water quality, and endanger public health makes them a significant concern for facility operators (WaterISAC, 2021).

Vulnerabilities in Water and Wastewater Treatment Systems

Water and wastewater treatment facilities are inherently vulnerable due to their reliance on legacy systems, lack of encryption, and the use of proprietary protocols that were not designed with security in mind. A large portion of ICS communication in these facilities occurs at the field device level over Serial and Analog (Non-IP) communication protocols. These channels are critical to the operation of PLCs, HMIs, and Engineering Workstations, but they are often overlooked by traditional cybersecurity strategies that focus on Ethernet (IP)-based network traffic.

Monitoring Non-IP communications provides a deeper and more comprehensive understanding of the control environment. Field devices in water and wastewater treatment facilities often communicate using serial and analog signals, and these channels can reveal valuable information about the operational status and potential anomalies within the ICS. By collecting and analyzing Non-IP data, operators can achieve superior situational awareness, enabling them to detect and respond to threats more effectively.

Enhanced Situational Awareness: Monitoring Non-IP communications allows operators to observe the actual commands and responses between field devices, providing a granular view of the control processes. This visibility can help identify unusual patterns or unauthorized activities indicative of a cyber intrusion.

Early Detection and Tripwire Capability: By establishing baselines for normal Non-IP communication behavior, any deviations can serve as early indicators of potential APT activity. This tripwire capability is essential for timely detection and mitigation of cyber threats before they can cause grave damage.

Complementary to Existing Security Measures: Integrating Non-IP communication monitoring with traditional IP-based security measures creates a layered defense strategy, enhancing the overall security posture of the ICS environment.
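The baseline-and-tripwire approach described above can be made concrete with a small detector run over frames taken from a passive serial tap. The following is an added example, not Cynalytica's code or any product's logic; it assumes the field bus carries Modbus RTU (the article names no specific serial protocol), and every frame below is constructed for the example. During a learning window it records which (unit, function code, starting register) combinations the HMI normally sends; afterwards it flags any combination it has not seen, with writes called out separately, and treats a frame whose CRC fails as a malformed-frame event worth alerting on as well.

```python
"""Baseline-and-tripwire detection over serial Modbus RTU request frames.

Added example, not the article's or Cynalytica's code. Assumes a passive
serial tap hands us raw RTU frames as bytes; all frames are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple
import struct

# Modbus function codes that change device state (coils / holding registers).
WRITE_FUNCS = {5, 6, 15, 16}


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(unit: int, func: int, payload: bytes) -> bytes:
    """Assemble unit + function + payload and append the CRC (little-endian on the wire)."""
    body = bytes([unit, func]) + payload
    return body + struct.pack("<H", crc16_modbus(body))


@dataclass(frozen=True)
class Request:
    unit: int
    func: int
    address: int  # starting register/coil address carried by the request


def parse_request(raw: bytes) -> Optional[Request]:
    """Validate the CRC and extract the fields the baseline keys on; None if malformed."""
    # unit(1) + func(1) + start address(2) + ... + crc(2) is the shortest request we key on
    if len(raw) < 6:
        return None
    body, wire_crc = raw[:-2], struct.unpack("<H", raw[-2:])[0]
    if crc16_modbus(body) != wire_crc:
        return None
    return Request(body[0], body[1], struct.unpack(">H", body[2:4])[0])


def learn_baseline(frames: Iterable[bytes]) -> Set[Tuple[int, int, int]]:
    """Learning window: remember every well-formed (unit, func, address) combination seen."""
    baseline = set()
    for raw in frames:
        req = parse_request(raw)
        if req is not None:
            baseline.add((req.unit, req.func, req.address))
    return baseline


def detect(frames: Iterable[bytes], baseline: Set[Tuple[int, int, int]]) -> List[Tuple[int, str]]:
    """Tripwire: return (frame index, reason) for each frame that deviates from the baseline."""
    alerts = []
    for i, raw in enumerate(frames):
        req = parse_request(raw)
        if req is None:
            alerts.append((i, "malformed frame or CRC mismatch"))
            continue
        key = (req.unit, req.func, req.address)
        if key in baseline:
            continue
        kind = "unbaselined WRITE" if req.func in WRITE_FUNCS else "unbaselined read"
        alerts.append((i, f"{kind}: unit={req.unit} func={req.func} addr=0x{req.address:04X}"))
    return alerts


# Constructed traffic: an HMI polling a pump PLC (unit 1) and issuing a routine setpoint write.
NORMAL = [
    build_frame(1, 3, struct.pack(">HH", 0x0000, 10)),    # read 10 holding registers from 0x0000
    build_frame(1, 3, struct.pack(">HH", 0x0100, 4)),     # read status block
    build_frame(1, 6, struct.pack(">HH", 0x0010, 1200)),  # write flow setpoint (seen in baseline)
]
_poll = build_frame(1, 3, struct.pack(">HH", 0x0000, 10))
SUSPECT = [
    _poll,                                                                # routine poll: fine
    build_frame(1, 6, struct.pack(">HH", 0x0020, 0)),                    # write to never-seen register
    build_frame(1, 16, struct.pack(">HHB", 0x0000, 2, 4) + bytes(4)),    # bulk write never baselined
    _poll[:-1] + bytes([_poll[-1] ^ 0xFF]),                               # CRC byte corrupted
]


def run_example() -> List[Tuple[int, str]]:
    """Learn from NORMAL, then run the tripwire over SUSPECT."""
    return detect(SUSPECT, learn_baseline(NORMAL))


if __name__ == "__main__":
    for idx, reason in run_example():
        print(f"frame {idx}: {reason}")
```

Run it and three of the four suspect frames are reported: the two writes to register ranges the HMI never touched during learning, and the frame with a bad CRC. The routine poll, identical to one in the learning window, stays silent. In practice the learning window would span enough operating cycles (including maintenance and alarm states) that legitimate but infrequent commands are captured, and the alerts would be fed to the IP-side monitoring so that a serial-bus anomaly can be correlated with activity on the engineering workstation or HMI.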

Case Study: Iranian APT Groups

Iranian APT groups have been particularly active in targeting critical infrastructure. A notable example is the Iranian group Cyber Av3ngers.

The Cyber Av3ngers group has been implicated in numerous cyber-attacks targeting ICS, particularly in the water sector. Their tactics include spear-phishing and exploiting vulnerabilities in unpatched systems, allowing them to gain control over critical components such as PLCs and HMIs.

This underscores the urgent need for enhanced cybersecurity measures in water and wastewater treatment facilities to defend against these persistent and evolving threats.

Cynalytica’s Unique Capabilities

Among ICS cybersecurity companies, Cynalytica stands out for its ability to monitor and analyze Non-IP communications. Their solutions provide water and wastewater treatment facility operators with the tools necessary to gain comprehensive situational awareness and enhance their defense against nation-state APT threats.

SerialGuard: Cynalytica’s SerialGuard passively and safely monitors serial communications, capturing data without disrupting operational processes. This capability is vital for detecting cyber-physical anomalies and potential intrusions in real-time.

OTNetGuard: By extending monitoring to OT networks, Cynalytica ensures that both IP and Non-IP communications are monitored, providing a holistic view of the ICS environment.

AnalytICS Engine: Leveraging advanced analytics through CyrenQL and CyrenAI, Cynalytica’s AnalytICS Engine processes and analyzes vast amounts of control communications data, identifying patterns and threats with high precision.

As nation-state APT groups continue to evolve and target water and wastewater treatment facilities and other critical US infrastructure, it is imperative that operators adopt comprehensive monitoring solutions that also cover Non-IP communications. The enhanced situational awareness gained by monitoring serial and analog signals is crucial for defending against sophisticated cyber threats. Cynalytica’s unique capabilities in this domain make it an indispensable partner for facility operators seeking to secure their critical infrastructure against the growing threat landscape.

References

Cynalytica | Detecting Cyber Threats Using MITRE ATT&CK(R) and Non-IP Communications Monitoring with CyRenQL.

CISA. (2023). IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Retrieved from
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a

WaterISAC. (2021). Analysis of Cyber Threats to Water and Wastewater Systems. Retrieved from
https://www.waterisac.org/resources/analysis-cyber-threats-water-and-wastewater-systems

MITRE ATT&CK. CyberAv3ngers (G1027). Retrieved from
https://attack.mitre.org/groups/G1027/

Tarabay, J., & Manson, K. (2023, December 22). Iranian-Linked Hacks Expose Failure to Safeguard US Water System. Bloomberg. Retrieved March 25, 2024, from
https://www.bloomberg.com/news/articles/2023-12-22/iranian-linked-hacks-expose-failure-to-safeguard-us-water-system