Cybersecurity For Public Utilities Solutions II

By John Forrester January 11, 2023


Cyberattacks launched on municipal utility companies are similar to attacks in any other industry. However, the potential for OT attacks and the dangers of a major service disruption have raised the stakes. In this article [1], Miller outlines the most common cybersecurity attacks that have affected municipal utility companies.

Denial of Service 

Attacks that stop users from accessing essential networks are typically referred to as denial of service (DoS) or distributed denial of service (DDoS) attacks. A DoS attack is initiated by a single attacking computer. A DDoS attack is launched by multiple attacking devices. While the attack is in progress, companies can’t access the means to provide services. These attacks have serious implications for any company, but the interruption of essential services like electricity or running water can quickly become disastrous. Unfortunately, given the lack of training, many utilities are particularly vulnerable to denial of service attacks. While these attacks are difficult to deal with, more work on raising awareness of the issues and possible countermeasures would be invaluable.

Malware 

Advanced malware typically provides attackers with a way to breach utility networks and find information for more advanced attacks. Malware attacks generally come in different forms and are introduced in networks in a variety of ways. The most common malware types exploit endpoint vulnerabilities. 

  • Backdoor Malware: Hackers insert undetected malware into a network for a variety of motives, ranging from data theft and network control to the possibility of spreading additional malware to disrupt critical services.

  • Trojans: Advanced malware masked as routine network activity can be used to move laterally within a network and steal high-level credentials that allow attackers to access sensitive data or gain control over the system.

Certainly, adequate firewalls and intrusion detection systems can be helpful, but they tend to be expensive. Miller stops short of outlining measures that smaller utilities could take to combat malware.

Ransomware 

Utility companies handle and store a wealth of sensitive data. They’re also responsible for distributing essential services and maintaining critical infrastructure. When attackers successfully access utility networks, they often end up holding the services hostage until the company pays a large ransom. Services may be restored after a ransom is paid, but there is certainly no guarantee of payment. In our experience, Miller fails to pay enough attention to the need to focus on more effective employee training and raising awareness to combat these ransomware attacks that are often triggered by phishing incidents.

Phishing

Phishing is used against utility companies in the same way that attackers target employees in any organization. Attackers email unsuspecting employees at every level to gain access to sensitive information or breach the network. Phishing can be especially effective within the utility sector because employees rarely have the security training to recognize the threat.


[1] Miller, Jason. Cybersecurity for Utilities: Municipal Utilities have become a major target Ransomware, Cyber Attacks, Critical Infrastructure 06/02/2021