The Proliferation Of Cyber Threats To Water And …

Critical Infrastructure Protection The Who, What, Why, and How of Counterterrorism Issues
Photo provided by Pexels

Cyber Attacks Likely to Increase | Pew Research Center

Reports of potential cyber attacks against the water supply are not new. However, it is the emergence of Advanced Persistent Threats (APT) — those defined by stealth, persistence, sophistication and discovery — that are the cause of present day concern. With a large number of the water and wastewater being small to medium entities, they may not have the security expertise to spot and deter any attack against them. Also, the industry tends to prolong the life of its systems more than others sectors in the critical infrastructure, often 30 years or more. This leaves obsolete computer systems essential to the operation of the plant, but unable to be adequately patched or protected from new vulnerabilities.

20/11/2011 · FBI and Homeland Security launch probe as foreign cyber attackers target U.S. water supply . By Daily Mail Reporter Updated: 06:20 …
Photo provided by Pexels

Internet-connected systems are inviting targets

The potential for threat is not new. "It has long been recognized that among publicutilities, water supply facilities offer a particularly vulnerable point ofattack to the foreign agent, due to the strategic position they occupy inkeeping the wheels of industry turning and in preserving the health and moraleof the American populace," wrote John Edgar Hoover, the first director ofthe FBI, shortly before the Japanese invasion of Pearl Harbor (Hoover, 1941).

Key themes: Yes, there will be major cyber attacks causing widespread harm
Photo provided by Pexels

About the Author: Graham Speake is the Vice President and Chief Product Architect at NexDefense. With over 30 years experience in industrial engineering, Graham is a control systems and cyber security expert. In addition to his role at NexDefense, Graham is a SANS trainer and a subject-matter expert to the GIAC Global Industrial Cyber Security Professional (GICSP) certification. Prior to NexDefense, Graham was Principal Systems Architect at Yokogawa Electric Corporation, a major supplier of ICS and SCADA equipment. His responsibilities included the steering and development of security within Yokogawa products, ensuring that relevant security certifications such as ISA Secure and Achilles were achieved. Before Yokogawa, Graham spent nearly 10 years with BP, securing critical plants, such as refineries and oil platforms, in both the U.K and the U.S. Graham also served as an executive with Industrial Control Services, where he developed the software for one of the first computer-based emergency shutdown systems. The software solution, known as EPIC (Emergency, Process, Instrument and Control), was successfully deployed by multiple oil and gas platforms in the North Sea and operated for more than 20 years. Graham is the author of several books on Linux and has been a technical editor for books on hacking.

Resources for Business | US-CERT
Photo provided by Pexels


Texarkana Gazette | Texarkana Breaking News

The threat and reality of cyber attacks canaffect the entire infrastructure network. Prof. James T. Lambert of theUniversity of Virginia, in a presentation to the participants of a USEnvironmental Protection Agency (USEPA) sponsored workshop, cited researchshowing that many water utility SCADA systems are susceptible to hacking, whichcould result in disclosure or theft of sensitive information, corruption ofinformation, or, at the worst extreme, denial of service (USEPA/DOE Workshop:Lambert). Because many supervisory control and data acquisition (SCADA) systemsare not connected to the Internet, the threat of a cyber attack is most likelyto come from a disgruntled employee with access to the system.

Quora: The Future of Cybersecurity - Newsweek

PDD 63 established the National Infrastructure Protection Center (NIPC), and appointed the USEPA aslead federal agency on critical infrastructure protection issues for the watersupply sector (National Security Council, 1998). USEPA subsequently appointed DianeVanDe Hei, executive director of the Association of Metropolitan Water Agencies(AMWA) as the water sector liaison to the federal government on criticalinfrastructure. USEPA is funding, in cooperation with the AWWA ResearchFoundation, a research project to develop a vulnerability assessmentmethodology. AMWA established a national Critical Infrastructure ProtectionAdvisory Group (CIPAG), which began meeting in January 2001. Comprised ofindustry representatives, with technical support from water associations andfederal agencies such as USEPA, FBI, and the Department of Energy, the CIPAG isproviding guidance to a variety of activities, including:

Think Again: Cyberwar – Foreign Policy

"Three attributes are crucial to water supply users. There must be adequate quantities of wateron demand; it must be delivered at sufficient pressure; and it must be safe foruse. Actions that affect any of these three factors can be debilitating for theinfrastructure," states the water sector summary report crafted by thepresidential commission tasked with presenting a case for increased securitymeasures of the nation's infrastructure (President's Commission, 1997). Avariety of methods could be used to undermine these three essential functionsof a water supply system.