For a second, let’s consider what cybercriminals stand to gain from you: financial, ransom, data (operational, client, etc.); even bandwidth, processing, and power. You likely thought of the first few – but have you considered how much processing power you could also be offering for cryptocurrency mining?
Pipelines and Water/Waste Water Utilities are at a particular disadvantage.
Since their critical infrastructure is set up with many distributed assets, they need to be monitored through multiple edge nodes, including RTUs, data loggers, PLCs, & more recently IoT devices. This makes them targets ripe for exploitation by threat-seeking third-parties.
Take for instance a cyberattack in 2020. A natural gas pipeline facility was forced to shut down for two days, affecting the control & communication assets on the Operational Technology (OT) network at a compression facility. More recently, a ransomware attack on a major Refined Products Pipeline IT System required operators to shut down the pipeline affecting the supply of gasoline & diesel to northeastern USA.
Pipelines’ and Water/Waste Water Utilities’ distributed assets will typically have some kind of edge node(s) and communication path back to the Supervisory Control and Data Acquisition (SCADA) system as part of their OT system. Given these systems sit on the edge of the network they are vulnerable and at risk for intrusion.
In general, the OT Systems that manage physical infrastructure and capture real-time asset data are especially vulnerable and are attractive targets for hacking. SCADA & Telemetry Systems are the centerpiece for these utilities’ operations, and therefore require the implementation of a cyber-secure strategy from the field & edge, to the enterprise & cloud. To achieve the advantages of a smart connected infrastructure in terms of safe, reliable, and efficient operations, cyber security in the OT/IT systems is paramount.
So, what steps should you take to help protect your distributed assets and network?
First, get to know the manufacturer of the hardware and software you choose. Use a defense-in-depth approach by layering security, from your connected products and devices, right to the edge network, and include your edge control and the smart software applications that support SCADA and operational technology. Properly segmenting your SCADA network with the use of a DMZ (demilitarized zone) to pass data from your SCADA to your enterprise systems in a secure way, can help reduce your vulnerabilities and attack surface to your OT System.
Cybersecurity is an ongoing journey that needs constant attention and will continue to evolve at a fast pace.
We are living in a time when automation hardware and software life cycles are decreasing mainly due to the systems’ needs to cope with next-gen cybersecurity features, communication standards, operating systems, and its ability to be compatible with security patches and practices. A next generation of cyber secure hardened automation hardware by design is required to cope with the cyber challenges. Equally important are robust cybersecurity features at the SCADA software layer and associated architecture where such SCADA systems are deployed.
Schneider Electric has a dedicated Cybersecurity services team and SCADA & Telemetry experts to help you on your journey to operate robust and cyber-secure pipeline and utility distribution networks.
One gas pipeline operator customer recently shared, “I had your joint Schneider Electric / Nozomi demo today which was impressive, but with what I saw today from a 15-minute data capture on a site (with which) I have some familiarity, I am blown away.”
Furthermore, our Cybersecurity team is vendor-agnostic and has knowledge across IT & OT environments, and has domain expertise in Oil & Gas and Water Networks.