Effective Defending of Municipal Infrastructure Against Cyber Attacks


Daniel Ehrenreich

Supervisory Control and Data Acquisition (SCADA) experts are well aware that there is no single measure (no “silver bullet”) that provides absolute cyber defense. Municipal water and sewage utilities are considered critical infrastructure, as they directly affect the welfare and health of the population. They must take every precaution and deploy applicable technologies to be prepared for unexpected events, and they must be ready for these challenges despite running legacy and outdated hardware, operating systems and communications. With the growth of the attack capabilities of hackers directed by states and hostile organizations, protecting SCADA systems, especially legacy ones, has become a challenging task. Given the additional threats posed by maintenance mistakes, operator errors and malfunctions, an effective approach is needed that can assure the safety and reliability of this infrastructure.

There are several ways to protect SCADA systems, and each method has its advantages and drawbacks. In the past, the cyber security of SCADA systems relied mostly on air-gap isolation, firewalls, unidirectional gateways (data diodes), Demilitarized Zones (DMZ) for network segmentation, etc. The recent industry trend is toward Anomaly Behavior Analysis using Big Data techniques, performing the function of an Industrial Intrusion Detection System (IIDS). One may ask why this method delivers more effective cyber defense than other cyber defense technologies. There are several reasons:

  • Capable of collecting raw data from SCADA servers and historian databases and performing fast analysis
  • Effective for detecting internally and externally generated cyber attacks targeted at the SCADA system
  • Does not rely on defense methods based on published signatures and known vulnerabilities
  • Capable of detecting cyber attacks, operator mistakes and unusual situations caused by a malfunction
  • Analyzes both communication anomalies and process-control anomalies, based on a learned baseline
  • Does not interfere with SCADA operation and does not overload SCADA server processes
  • Effectively deals with Denial of Service (DoS), Distributed DoS and zero-day attacks on the system
  • Effective for protecting modern as well as legacy SCADA systems using a range of RTUs and PLCs
  • These IIDS use powerful computers and are scalable and expandable as your system and needs grow
  • Easy to install and deploy, does not require costly training, and operates automatically
  • Capable of analyzing and detecting sub-optimal SCADA processes, generating saving opportunities
  • Interoperable with Security Information and Event Management (SIEM) products from a range of other vendors
  • Equally effective for large-scale Energy Management Systems and power Distribution Management Systems (EMS, DMS)
  • Capable of operating with large-scale Distributed Control Systems (DCS) controlling power plant operation
  • The IIDS software is upgradeable and remotely updateable through a service contract with the vendor
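To make the "learned baseline" idea concrete, here is a small added example (not code from the article or from any IIDS vendor) that learns a baseline from a window of normal SCADA traffic and then flags the two anomaly classes listed above: communication anomalies (a host, function code or register never seen during learning) and process-control anomalies (a read value outside the learned operating band of a tag). The telemetry records are constructed sample data, and the Modbus-style field names (`src`, `fc`, `reg`), the 3-sigma band and the minimum spread floor are assumptions chosen for illustration.

```python
"""Learned-baseline anomaly detector for SCADA telemetry (added illustration).

Two anomaly classes are checked, mirroring the article's list:
  - communication anomalies: an unseen (source host, function code, register) tuple
  - process-control anomalies: a read value outside the learned band of a register
All records are constructed; field names follow Modbus terminology by assumption.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed baseline window: normal polling of a pump-station PLC by the
# SCADA server 10.0.1.10. Modbus fc 3 = read holding registers, fc 6 = write
# single register. Register 100 is a level reading, register 200 a pump command.
BASELINE = [
    {"t": t, "src": "10.0.1.10", "fc": 3, "reg": 100, "value": v}
    for t, v in enumerate([4.9, 5.1, 5.0, 5.2, 4.8, 5.0, 5.1, 4.9, 5.0, 5.1])
] + [
    {"t": t * 5, "src": "10.0.1.10", "fc": 6, "reg": 200, "value": 1}
    for t in range(2)
]

# Constructed observation window with three deliberate deviations.
OBSERVED = [
    {"t": 20, "src": "10.0.1.10", "fc": 3, "reg": 100, "value": 5.0},   # normal
    {"t": 21, "src": "10.0.1.10", "fc": 3, "reg": 100, "value": 9.4},   # level far outside band
    {"t": 22, "src": "10.0.9.77", "fc": 6, "reg": 200, "value": 0},     # write from unknown host
    {"t": 23, "src": "10.0.1.10", "fc": 16, "reg": 300, "value": 0},    # unseen fc/register
]

SIGMA = 3       # assumption: band half-width in standard deviations
MIN_SPREAD = 0.05  # assumption: floor so a perfectly flat tag still gets a band


def learn_baseline(msgs):
    """Build the whitelist of (src, fc, reg) tuples and per-register value bands."""
    tuples = Counter((m["src"], m["fc"], m["reg"]) for m in msgs)
    values = defaultdict(list)
    for m in msgs:
        if m["fc"] == 3:  # only read values describe the physical process
            values[m["reg"]].append(m["value"])
    bands = {}
    for reg, vals in values.items():
        mu, sd = mean(vals), max(pstdev(vals), MIN_SPREAD)
        bands[reg] = (mu - SIGMA * sd, mu + SIGMA * sd)
    return {"tuples": set(tuples), "bands": bands}


def detect(baseline, msgs):
    """Return a list of (kind, record) alerts; kind is 'comm' or 'process'.

    A record that fails the communication check is not also value-checked,
    since its register may have no learned band at all.
    """
    alerts = []
    for m in msgs:
        key = (m["src"], m["fc"], m["reg"])
        if key not in baseline["tuples"]:
            alerts.append(("comm", m))
            continue
        band = baseline["bands"].get(m["reg"])
        if band and not (band[0] <= m["value"] <= band[1]):
            alerts.append(("process", m))
    return alerts


def alert_kinds(baseline_msgs=BASELINE, observed_msgs=OBSERVED):
    """Convenience wrapper returning just the alert kinds, in order."""
    return [kind for kind, _ in detect(learn_baseline(baseline_msgs), observed_msgs)]


if __name__ == "__main__":
    base = learn_baseline(BASELINE)
    print("learned band for reg 100:", base["bands"][100])
    for kind, rec in detect(base, OBSERVED):
        print(f"{kind:8s} t={rec['t']} src={rec['src']} fc={rec['fc']} "
              f"reg={rec['reg']} value={rec['value']}")
```

Note that nothing here depends on a published signature: the writer at 10.0.9.77 is flagged simply because it never appeared during learning, and the level reading of 9.4 is flagged because it leaves the band the baseline established, whether its cause is an attack, an operator error or a failed sensor. In a real deployment the baseline would be learned from a passive network tap or the historian over a much longer window and re-validated whenever the process is legitimately changed, otherwise maintenance work shows up as a stream of false alerts.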

As today’s cyber attacks are carried out by professional entities operated by hostile countries and commercial organizations, the cyber defense challenges have become more complex. The conclusion is that special attention is required and systematic investment must be allocated to achieve continuous, safe and reliable operation of the water and sewage infrastructure for the well-being of the country’s population.

Daniel Ehrenreich (BSc) is an independent consultant at Secure Communications and Control Experts (SCCE). Daniel has gained over 25 years of professional experience in the field of control systems for water, oil and gas, and electricity while working for Motorola, Siemens and Waterfall Security. Daniel presently consults for industrial firms on integrating control systems with cyber defense, publishes papers and lectures at conferences.