From The Editor | November 20, 2017

Bringing Utilities Together To Fight Cybercrime

Peter Chawaga - editor

By Peter Chawaga

As with many other industries today, it is astounding just how much drinking water and wastewater treatment operations rely on technology.

Between the digital controls that activate treatment technology, the computers that monitor chemical levels, and the cloud-connected devices that link the plant with the outside world, modern utilities are veritable cyber hubs. And with all of that advanced technology come risks.

“Water and wastewater systems and their employees are doing more online — relying more than ever on access to the internet,” said Michael Arceneaux, the managing director of the Water Information Sharing and Analysis Center (WaterISAC), a utility membership organization tasked with protecting water utilities from intentional harm. “There are lots of beneficial internet-dependent technologies that can help utilities improve performance and satisfy customers’ needs. But at the same time … cybercriminals are coming up with more and more effective ways to steal sensitive information and money.”

With that threat only poised to grow as utility dependence on technology does, WaterISAC has partnered with Perch Security, a firm offering threat intelligence for those without their own analysts, to offer its members access to a repository of cyber threat intelligence data and monitoring services.

“It negates the need for the facility to have analysts in-house, which would traditionally be analyzing their networks themselves for any threat indicators,” said Aharon Chernin, founder and CEO of Perch. “Automated threat detection takes the burden off the facility. They have a team of skilled Perch analysts working to further analyze and notify them when action is needed.”

The idea of crowdsourcing threat monitoring may not be novel, but it is serving a growing need in the utility space.

“WaterISAC has found that ransomware is an ever-present threat, usually the result of an employee clicking on a malicious link or ad or inserting an infected USB stick,” Arceneaux said. “We have also seen several attempts of ‘business email compromise’… scams, where a cybercriminal mimics an email from a utility executive to direct an employee to wire utility funds to the criminal’s account.”
While many of the cyber threats faced by utilities are the same as those faced by other businesses or even individuals, some would argue that more is at stake.

“The water and wastewater sector is a critical infrastructure sector … and thus, is in the crosshairs of what cybersecurity professionals call ‘advanced persistent threats,’ or APTs, usually out of Eastern Europe, North Korea, and China,” said Arceneaux. “The intermediate goal of some APTs is to steal operational information from critical infrastructures, while their ultimate goal could be — if called upon — to disrupt lifeline services.”

For instance, Arceneaux cited Dragonfly, an APT that has been known to target the water and energy sector. The hope is that by sharing security data through a central broker like Perch, utilities can draw from collective insight to better combat these bad actors.

“Sharing sightings of threats strengthens and validates WaterISAC’s threat intelligence and helps everyone else in the community prioritize their efforts,” said Chernin. “Until now, sharing required effort and investment on the part of each contributing facility.”

Through its partnership with WaterISAC, Perch will automatically share information with contributing facilities through its online portal. Utility users can log in and see a high-level view of all the threats that Perch thinks their facility faces. The system can send them alerts when a compromise is detected in their network, help remediate any present threats, or allow them to create their own alerts.

Ultimately, it is a system that makes treatment facilities safer by bringing them together. After all, they shouldn’t have to go it alone.

“WaterISAC … restricts membership to ensure that everyone participating has similar vulnerabilities, priorities for data protection, and are prone to the same types of cyberattack,” Chernin said. “Part of our mission is to support and grow communities like WaterISAC by providing an easy, cost-effective way for any size facility to connect and interact with their threat intelligence.”