Monday, March 20, 2023
  • Advertise With Us
  • Write For Us
  • Contact Us
  • About Us
  • Editorial Calendar
Download Latest Issue - Free!
The Cyber Express
GISEC
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    Microsoft Outlook Vulnerability

    Microsoft Outlook Zero Day Vulnerability Actively Exploited

    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    Gamekaking Data Breach

    Gamekaking Data Breach? Leakbase Claims to Upload 19 Million Rows of Stolen Information

    Medusa Ransomware Group

    Medusa Ransomware Group Targets National Institute of Ocean Technology

    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Clop Ransomware Group Adds Hitachi Energy

    Hitachi Energy Confirms Security Incident After Clop Ransomware Adds it to Victim List

    Onex Data Exposed

    Onex Data Exposed, Linked to GoAnywhere MFT Security Incident

    Euler Finance Cyber Attack

    Euler Finance Cyber Attack Hackers Returns $165k to Victim

    Independent Living Systems Data Breach

    Independent Living Systems Data Breach Puts 4.2 Million Individuals at Risk

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Insider threat mitigation

    Behavioral Psychology, a Boon for Insider Risk Mitigation

    Safer Internet

    International Safer Internet Day: How Safe Are Our Teenagers Online?

    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    GISEC Global 2023

    GISEC Global 2023: Knowledge Sharing, Collaboration Vital to Fend off Cyberattacks, say Experts

    Call & Contact Center Expo 2023 Las Vegas

    Call & Contact Center Expo 2023 Las Vegas

    Former BookMyShow CTO Mahesh Vandi Chalil

    Cyble Appoints Former BookMyShow CTO Mahesh Vandi Chalil as Chief Product and Technology Officer

    GISEC 2023

    GISEC 2023: Microsoft Highlights Zero Trust Approach and Mixed Reality Policing Tools

    GISEC Global 2023

    GISEC Global 2023: ‘Take the Fight to Cyber Attackers’ Urges UAE Cybersecurity Council Paper

    Cyble in Forbes List

    Cyble Recognized by Forbes as One of America’s Best Startup Employers 2023

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Cyble Among Top 50 Emerging Companies

    Cyble Among Top 50 Emerging Companies Across Governance Risk & Compliance Solutions Sector

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    •  Cyber Security Webinar
    • World CyberCon Middle East 2023
    • Endorsed Events
No Result
View All Result
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    Microsoft Outlook Vulnerability

    Microsoft Outlook Zero Day Vulnerability Actively Exploited

    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    Gamekaking Data Breach

    Gamekaking Data Breach? Leakbase Claims to Upload 19 Million Rows of Stolen Information

    Medusa Ransomware Group

    Medusa Ransomware Group Targets National Institute of Ocean Technology

    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Clop Ransomware Group Adds Hitachi Energy

    Hitachi Energy Confirms Security Incident After Clop Ransomware Adds it to Victim List

    Onex Data Exposed

    Onex Data Exposed, Linked to GoAnywhere MFT Security Incident

    Euler Finance Cyber Attack

    Euler Finance Cyber Attack Hackers Returns $165k to Victim

    Independent Living Systems Data Breach

    Independent Living Systems Data Breach Puts 4.2 Million Individuals at Risk

  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    BreachForums

    FBI Arrests BreachForums Operator ‘Pompompurin’, Slaps Cybercrime Charges

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Insider threat mitigation

    Behavioral Psychology, a Boon for Insider Risk Mitigation

    Safer Internet

    International Safer Internet Day: How Safe Are Our Teenagers Online?

    TRAI

    TRAI Asked to Involve MoD in Drafting Big Data Regulations & Policies

    cybersecurity

    Cybersecurity incidents may soon be ‘uninsurable’

    Australia

    Australia Ropes in Tech Veterans to Set Up Cyber Action Plan

    Active Directory

    Prevent Ransomware: Save the Active Directory

    Privacy Penalty Bill

    Privacy Penalty Bill: Australian Parliament Approves Heavy Fines

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business News
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    GISEC Global 2023

    GISEC Global 2023: H.E. Dr Mohamed Hamad Al-Kuwaiti Recognized for Outstanding Contributions in Advancing Global Cybersecurity

    GISEC Global 2023

    GISEC Global 2023: Knowledge Sharing, Collaboration Vital to Fend off Cyberattacks, say Experts

    Call & Contact Center Expo 2023 Las Vegas

    Call & Contact Center Expo 2023 Las Vegas

    Former BookMyShow CTO Mahesh Vandi Chalil

    Cyble Appoints Former BookMyShow CTO Mahesh Vandi Chalil as Chief Product and Technology Officer

    GISEC 2023

    GISEC 2023: Microsoft Highlights Zero Trust Approach and Mixed Reality Policing Tools

    GISEC Global 2023

    GISEC Global 2023: ‘Take the Fight to Cyber Attackers’ Urges UAE Cybersecurity Council Paper

    Cyble in Forbes List

    Cyble Recognized by Forbes as One of America’s Best Startup Employers 2023

    Cybersecurity Excellence Awards

    Cybersecurity Excellence Awards: Cyble Rated Fastest Growing Cybersecurity Company

    Cyble Among Top 50 Emerging Companies

    Cyble Among Top 50 Emerging Companies Across Governance Risk & Compliance Solutions Sector

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    •  Cyber Security Webinar
    • World CyberCon Middle East 2023
    • Endorsed Events
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Research Sponsored Content

The Threat is Real: Cyber Security for Water Treatment Plants Demands Attention

Cyber attackers can shut down the treatment process, potentially resulting in unsafe water being distributed to the public. The threat is real.

Editorial by Editorial
January 29, 2023 - Updated on January 30, 2023
in Sponsored Content
0
Cyber Security for Water Treatment Plants
612
SHARES
3.4k
VIEWS
Share on LinkedInShare on Twitter

India has 18% of the world’s population, but only 4% of its water resources, making it among the most water-stressed in the world. However, more than 40% of the water produced in many cities is wasted before reaching the final consumer due to leaks or thefts. Thus, reducing water losses, and maintaining water quality and adequate supply are not just important for the efficiency and financial sustainability of water utilities across Indian cities but also for sustainability.

To better manage the existing water distribution network and infrastructure, and streamline the management process, urban local bodies (ULBs) are incorporating technologies such as supervisory control and data acquisition (SCADA) systems into their day-to-day operations. ULBs across the country are introducing online portals for civic services and deploying advanced treatment technologies for water monitoring and maintenance.

You might also like

No Content Available

SCADA systems have already been adopted in cities across the country. While automation has resulted in minimized water losses, ensured better quality of water, and reduced costs as well in running the plants, cyber threats are a looming danger that needs to be effectively mitigated in earnest by the authorities.

Cyber attackers can shut down the treatment process, potentially resulting in unsafe water being distributed to the public. The threat is real. In addition, attackers could also gain access to sensitive information such as login credentials and chemical formulas. It has become crucial that water treatment plants take proactive measures to protect their systems and networks from cyber attacks and have an incident response plan in place to quickly respond to any attack that may occur.

Although most cyber attacks go unreported, it is known that the number of cyber attacks on critical infrastructure, including water treatment plants, has been increasing in recent years. In the case of a cyber attack on a water treatment plant, the consequences can be severe and far-reaching. Some possible consequences include:

  • Disruption of operations: A cyber attack can disrupt the normal operation of a water treatment plant, potentially leading to unsafe water being distributed to the public.
  • Safety risks: A cyber attack can cause safety risks to workers and the public, such as by releasing harmful chemicals or altering the treatment process.
  • Financial losses: A cyber attack can result in financial losses for the water treatment plant, such as lost productivity, damage to equipment, and the cost of restoring normal operations.
  • Environmental damage: A cyber attack can lead to environmental damage, such as by releasing untreated wastewater into rivers or streams.
  • Loss of sensitive information: A cyber attack can result in the loss of sensitive information, such as login credentials and chemical formulas, which can be used for further attacks or to cause reputational damage.
  • Public health risk: A cyber attack can lead to a public health risk if the water treatment plant is unable to provide safe drinking water.
  • Reputation damage: A cyber attack can cause reputational damage to the water treatment plant, potentially leading to a loss of trust and confidence from customers and the public.

Cyber Security for Water Treatment Plants

The International Association of Water Security Professionals (IAWSP) has reported that in recent years water utilities have been affected by ransomware, phishing, and other types of cyber attacks. SCADA (Supervisory Control and Data Acquisition) networks are used to control and monitor industrial processes, including those in water treatment plants. These networks are vulnerable to a variety of cyber attacks, some of the common types include:

  • Remote code execution: This type of attack allows an attacker to execute arbitrary code on a system, potentially allowing them to take control of the system or disrupt its operation.
  • Denial of service (DoS): This type of attack is designed to flood a network or system with traffic, rendering it unavailable to legitimate users.
  • Man-in-the-middle (MitM) attacks: This type of attack involves intercepting and potentially modifying communications between devices on a network.
  • Phishing: This type of attack uses social engineering to trick users into providing sensitive information or clicking on a malicious link.
  • Ransomware: This type of attack encrypts a system’s files, making them inaccessible until a ransom is paid.
  • Advanced persistent threat (APT) attacks: These types of attacks are sophisticated and targeted, often involving multiple stages and techniques to gain access to a network and maintain a foothold over some time.
  • Malware: This type of attack involves using malicious software to gain access to a system or network, steal information, or disrupt operations.

Water treatment plants should take few basic cyber security measures to protect their systems and networks from cyber-attacks. Some of these measures include:

  • Implementing network segmentation: This involves dividing the network into smaller segments, making it more difficult for attackers to move laterally and gain access to sensitive systems.
  • Using strong authentication: This involves using multi-factor authentication (MFA) or other forms of strong authentication to prevent unauthorized access to systems and networks.
  • Keeping software and systems updated: This includes ensuring that all software and systems are up to date with the latest security patches and updates. Patch management solutions need to be deployed as one unpatched device may prove to be the weakest link and lead to breach of the whole network.
  • Conducting regular security assessments and penetration testing: This involves regularly testing the security of systems and networks to identify vulnerabilities and weaknesses that need to be addressed.
  • Developing incident response plans: This involves having a plan in place to respond to a cyber attack, including identifying key personnel, procedures, and communication protocols.
  • Implementing a monitoring system: This involves using tools like Network Management System (NMS) and SIEM (Security Information and Event Management) to monitor networks and systems for unusual activity and suspicious events.
  • Regular Employee awareness training and having a disaster recovery plan are also critical.

On approaching the industry leaders from the field of cyber security and consultants who design water treatment plants, we gained further insights. Alok Tripathi, SCADA Engineer who works for a firm who are involved in consulting government departments in India for water treatment modernization project said “SCADA OEMs are regularly reporting vulnerabilities.

For example, in 2019, the US Cyber security and Infrastructure Security Agency (CISA) reported a vulnerability in Siemens SIMATIC WinCC and PCS 7 that could allow an attacker to execute arbitrary code and take control of the system. In 2020, a security researcher from the company CyberX, reported a vulnerability in Schneider Electric’s Triconex Safety Instrumented System (SIS) that could allow an attacker to cause a denial of service (DoS) attack on the system.

Authorities are now checking whether the projects are considering cyber security from the design stage and whether the solutions comply with global and international guidelines. “

Sourish Dey, Director at Trisim Global Solutions, a cyber security solutions company shared “there is growing concern about cyber security in water treatment plants with the knowledge of attacks on critical infrastructure in India and globally. Most leading OEMs of SCADA platforms like Honeywell, ABB, Rockwell, Schnedier, and Siemens are reporting vulnerabilities.”

Shaunak Modi, Director at Trixter, a Made-in-India SIEM platform with multiple installations in smart city projects in India, opined “It’s important to note that the security of ICS systems is dependent on the security measures implemented by the end-users and not to be left to the OEMs of ICS systems. It’s important for end-users to implement robust security measures, such as network segmentation and OT security, and to stay up to date with the latest cyber security best practices and regulations.”

Sourish suggested that his company is working with cyber security companies like Trend Micro which are meant and customized for OT Security. “Not all solutions that work effectively in IT environment are suitable for security OT or SCADA networks. Companies like Trend Micro have specialized solutions that are designed to protect water treatment plants and other industrial control systems from cyber threats. They provide real-time threat detection, automated incident response, and security analytics that work effectively in OT environment.”

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: Cyber Security for Water Treatment Plants
Previous Post

ALPHV/BlackCat Ransomware Gang Attacks Westmont Hospitality Group

Next Post

Critical Security Lapse, as Hackers Tap Military ICS Infrastructure

Editorial

Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.

Related Posts

No Content Available
Next Post
Military

Critical Security Lapse, as Hackers Tap Military ICS Infrastructure

Latest Issue is Out. Subscribe Now

Women in Cybersecurity

Download Now

CRIL


Follow Us On Google News

Never miss an update. Subscribe!

* indicates required

Top 10 Cybersecurity Jobs

Categories

About The Cyber Express

The Cyber Express

Cyber Security News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

Follow The Cyber Express

Contact

For editorial queries: [email protected]

For marketing, PR & media partnerships: [email protected]

For media kit and digitals sales: [email protected]

For Sponsorship/Event Partnership: [email protected]

For Conferences related information: [email protected]

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

Tel: (678) 578-8838

Events: +1 (678) 578-4140

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Tel: (678) 578-8838

Events: +1 (678) 578-4140

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Firewall Daily
  • Business News
  • Cyber Essentials
  • Features
  • Cyber Security Magazine
  • Events
    • World CyberCon Middle East 2023
    •  Cyber Security Webinar

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.