Rockwell Looks to Mitigate Cyber Risk Posed by External Hard Drives, PLC Targeting
Heavy reliance on legacy systems by manufacturing organizations has led to cyberattacks becoming more frequent, complex and nuanced over the past two years.
External hard drives at industrial sites such as wastewater treatment facilities are a particular problem, said Rockwell Automation Senior Vice President of Intelligent Devices Tessa Myers at the company’s Automation Fair conference in Boston. The devices are small, easy to conceal and look like normal devices – posing a threat (see: Verve Purchase Gives Rockwell Leg Up on Asset Identification).
One way a threat actor could wreak havoc at one of the over 16,000 wastewater treatment facilities in the United States would be by loading a Raspberry Pi computer infested with malware onto an external hard drive, said company Vice President of Global Enterprise Customer Experience Rachael Conrad. Without removable device security, any person can walk out of an industrial facility with valuable information.
A phony inspector at a wastewater treatment facility could load an external hard drive laced with malware onto the facility’s network, Conrad said. The primary goal of most cyberattacks against industrial operations is to create disruption, according to Myers. Secondary goals include ransoming the victim organization or putting communities at risk.
Insider attacks can be particularly challenging for industrial organizations since the threat actor might have the right credentials. A commonly cited water system hacking incident involves a man, formerly employed by a rural Kansas water district serving about 10,000 people, who pleaded guilty in 2022 to tampering after he had used still-active credentials for a remote desktop application to shut down the facility.
Conrad said a zero trust approach with multiple layers of protection regardless of credentials is important to ensure no one can get through without rigorous checking and validation (see: Programming, Self-Learning Crucial for Autonomous Operations).
Myers said the presence of malware at wastewater treatment facilities has the potential to threaten the water supply by causing the system to operate at less than peak efficiency or with subpar operational performance.
Curbing Cyber Risk Around Programmable Logic Controllers
If a wastewater treatment facility is able to stop the infiltration of malware, Conrad said, threat actors could ramp up attacks by targeting the facility’s programmable logic controller, an industrial computer used to automate processes. If such an attack were successful, she said, the threat actor could change the chemicals flowing through the water treatment facility.
Advanced planning, protections such as vulnerability management, and management and monitoring of programmable logic controllers can help wastewater treatment facilities contain threats effectively, Conrad said. If the wastewater treatment facility’s networks and applications are backed up, she said, they can get back up and running in a matter of seconds without any downtime.
“For disaster recovery, you want to ensure that your networks and your systems all have a clean backup in place ready to restore operations,” Myers said. “In our industry, not only minutes matter, but seconds matter. The ability to detect, stop and recover from a security incident is so critically important.”
Rockwell’s cybersecurity offerings for industrial sites have been enhanced by the acquisition of Verve, which closed Monday. Rockwell will benefit from both Verve’s vulnerability management platform – which Conrad said was built with IT-level security to address OT challenges – as well as the company’s professional services team (see: Rockwell Forges Gen AI Pact With Microsoft, Buys Cyber Firm).