August 2022 was a month to remember: not only have we just seen the hottest temperatures recorded here in the UK, but England’s Lionesses have finally brought football home. Go Ladies!!
Due to the ongoing heatwave, we are seeing hosepipe bans in parts of the country that have not been enacted since 1976. While we bask in the sun and reminisce about the Lionesses’ success at Euro 2022, it is hard to think that there are challenges around the security of water supply, over and above what is stored in the reservoirs, which operators deal with daily.
In February 2021 we saw a hacker use a common IT remote access application, ‘TeamViewer’, to take control of a workstation at the water treatment plant in Oldsmar, Florida. We see issues like this happen in other parts of the world, but surely this isn’t something that could happen here in the United Kingdom?
Leaking water pipes perhaps, but leaking data, surely not?
Heat Stroke and Hot Water
On Monday 15th August there was a cyber-attack by the Cl0p ransomware group, who claimed they had compromised Thames Water, a claim that was refuted as a “cyber hoax.”
The water company in ‘Hot Water’ was in fact South Staffs Water, who confirmed that they were the victim of the cyber-attack. Cl0p had got their ‘customers’ muddled up!
Cl0p claimed to have access to the SCADA (Supervisory Control and Data Acquisition) industrial control systems that control the water process, including the chemical mix, a claim that South Staffs Water refutes. "This incident has not affected our ability to supply safe water," the company said.
While Cl0p claims to have access to the network, it has not encrypted it, claiming "we do not attack critical infrastructure". Despite that, Cl0p claims to have stolen more than 5TB of data and is trying to extort a ransom payment in exchange for not releasing it.
It was only a matter of time before there was a publicly disclosed compromise of utilities and/or other critical sectors here in the UK. I hope that we can learn lessons from this event and share good practice with others to prevent similar issues in the future.
There is no ‘silver bullet’ to secure these industries, many of which have been running assets for many years and have been struggling with demand and obsolescence, recovering from the changes that COVID-19 brought to the workplace, and trying to tackle the ongoing changes to the security landscape.
While it is still early days to fully determine what the root cause of this breach was, it is likely to be something simple that a human got wrong, such as clicking a link, re-using a leaked password, a missing security patch or an out-of-date anti-virus signature.
House of Cards
Security is only as strong as your weakest link. I’m reassured by the fact that this security incident has been contained, which is testament to South Staffs’ approach; however, I’m still left wondering: when will the next one be, and will it be so lucky next time?
As the attacks in cyberspace continue, there is an increased risk from state actors as well as cyber criminals within our highly connected world. We are still recovering from the worst pandemic in 100 years, while trying to balance budgets which are being eroded by inflation and by increased requirements from the cyber insurance industry, as well as the need to address new threats.
Attack or Retreat
Now is not the time to take risks or put off what we ‘know’ we need to do to make our systems more secure. Now is the time to plan for the future. Embrace what digital transformation and technological enhancements can do to drive efficiencies in our businesses while making our place of work a safer and more secure environment.