Articles about Case Studies

October 21, 2021
|

Cyber Security Month: After 20 Years – What Has Changed Since the First OT Cyber Attack?

This article is part of ATS’s four-part series highlighting the importance of Cyber Security Month – in previous pieces, we explored best practices in cyber security today and highlighted some of the most notorious cyber crime cases from the past year.

Here, we’ll take a look at the world of cyber security regulations – from the first widely publicized case of a cyber attack in 1988 to the first OT cyber attack that happened 20 years ago in Australia. Measures and policies have changed over the course of the past few decades, attempting to keep up with the continuously evolving landscape of cyber threats for OT systems.

Early Cyber Attack Examples

The Morris worm represents one of the earliest examples of a large cyber attack on an IT system that happened in 1988. Following the development of malware and industrial operational technology, it took several more years for cyber attacks on OT environments to become reality.

An early example of a devastating attack on an OT system was the Maroochy water system hack more than 20 years ago, in Australia. In March of 2000, following a series of malfunctions, both in physical equipment and the network system, an engineer discovered an RF (radio frequency) signal used to control wastewater pumping stations was being tampered with.

While the infiltration seemed, at first, to have only affected the sewage pumps (which stopped operating) the alarms never reported the transgression to the central computer. Furthermore, there was a total communications breakdown between various pumping stations and the central computer.

When the perpetrator Vitek Boden was caught and arrested, it was discovered that he had used a laptop and Supervisory Control and Data Acquisition (SCADA) equipment to tamper with and affect the work of around 150 local sewage pumping stations. Over the course of several months, millions of gallons of sewage were released into waterways and local parks, posing immense danger on public health and creating a local environmental crisis.

“Marine life died, the creek water turned black and the stench was unbearable for residents,” a representative of the Australian Environmental Protection Agency is quoted to have said at the time.

The aftermath of the attack saw the SCADA systems re-evaluated and vulnerabilities were discovered. Additionally, it became clear that one of the reasons why the attack wasn’t noticed and stopped sooner, was that the Maroochy water system had no cyber security policies or procedures in place. Not even the fundamentals, like user access control or identifying and authenticating users.

This incident sparked a flame of a wider recognition of the importance of having industrial cyber security regulations. New bills and pieces of legislation were introduced to take into consideration critical administrative, supply chain, and physical vulnerabilities. That notwithstanding, in the two decades that followed, we have seen a significant rise in the number, and types, of malware programs that target industrial OT.

A wider recognition of the importance of industrial cyber security regulations began rising in the wake of the Maroochy incident. New bills were introduced to take into consideration critical physical, administrative, and supply chain vulnerabilities.

Legislative Response

Legislative Response

In 2001 the Australian legislative framework was updated with a brand new Cybercrime Act of 2001. The Cybercrime Act sought to regulate computer offences – in all shapes and sizes – but also to utilize certain useful provisions of previous pieces of legislation that provided help in curbing cyber crime.

In addition to that, the Australian Department of Communications, Information Technology and the Arts had launched an effort to convince senior management staff members of potential risks to SCADA systems, which has included a number of logical, physical, and administrative controls for risk management.

In addition to that, Australia has its own CERT – aptly named AusCERT  – and the Australian Government has its own Australian Cyber Security Centre, which is part of the larger Australian Signals Directorate, which is itself run by the Minister of Defence.

However, more than 20 years has passed since – and we have seen a significant rise in the number and variety of malware targeting industrial OT, with yet no established singular global framework designed to combat this problem. The current state of cyber security regulation is instead unique for each country, with many lawmakers striving to shape their own defences. This is especially evident in the case of the current cyber protection policy situation in the US.

Cyber Security Regulation in the United States

While some organizations have sought to create a unified system of cyber security measures, like the European Union, the US has no unified federal law that regulates cyber security and all connected issues. Instead, individual states have their own cyber security bills, along with data breach notification laws. 

This huge, sometimes disharmonic, legislative landscape spanning all 50 states can present a strong challenge for companies and organizations that seek to do business country-wide.

In addition to this already confusing web of individual policies, the numbers of new proposed legislations keep rising. Fighting to keep up with the changing times, the US senate has introduced or considered more than 280 cyber security bills or resolutions in 2020 alone, discussing the increase of penalties for cybercriminals, regulation through insurance, creating cyber security task forces, and security training implementation.  

Some of these new bills include important federal policies such as the Internet of Things (IoT) Cybersecurity Improvement Act and the State and Local Cybersecurity Improvement Act.

Cyber Security Regulation USA

INTERNET OF THINGS CYBERSECURITY IMPROVEMENT ACT

This act became law last December, and it dictated the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) to develop and issue standardized guidelines, policies and principles for US governmental agencies in terms of appropriate use and management of IoT technologies.

We’re yet to see what these sets of standards entail, and how a nation-wide implementation will be handled, but the law is a promising sign of the growing importance of IoT network security.

 

State and Local Cybersecurity Improvement Act

One more initiative centered on cyber protection of government entities was the State and Local Cybersecurity Improvement Act, which granted $400 million of funding to the Department of Homeland Security. This act also mandated the Department of Homeland Security and Infrastructure Security Agency (CISA) to create a defense in depth strategy in order to strengthen the defense of all governmental entities – whether local, state, territorial, or tribal.

In Conclusion

The growing number of cyber security regulations in recent years has fragmented policies across the USA, and created a complex web of compliance requirements, forcing each enterprise to seek out and conform to individualized standards that apply only to their own industry sector. 

An escalating number of regulations also places a significant amount of responsibility on organizations to be liable for the actions of their vendors. This is why more and more enterprises turn to cyber security solutions that are guaranteed to provide regular reports and ensure compliance.

The patchwork of legislation regarding information security, cyber security and data privacy has obviously posed a challenge to handle in the past years.

All this is expected to soon change, however. In May this year, after a particularly impactful cyber attack on Colonial Pipeline which prompted a regional state of emergency in 17 US states, President Joe Biden issued an executive order to increase the protection of government networks. 

This order, as per the White House’s press release, included the demands to:

  • Remove barriers to threat information sharing between government and the private sector
  • Modernize and implement stronger cybersecurity standards in the federal government
  • Improve software supply chain security
  • Establish a cybersecurity safety review board
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cyber security incidents on federal government networks
  • Improve investigative and remediation capabilities.

This push toward a more unified system of defence in the US government will, as many predict, have a trickle-down effect. As manufacturers and vendors will strive to meet the federal standards, it will motivate other, non-US-based companies to do the same in order to compete on the global market –  building a more standardized defence approach worldwide.

Looking for a handy resource to protect your business from cyber security issues and attacks? We’ve got you covered.

 Download ATS’s exclusive Cyber Security Fundamentals: Weakness Checklist.

ATS_cta_checklist_NEW

Related Posts

How Secure Defence Industrial Bases and Organizations From Cyber Attacks
How to Secure Defence Industrial Bases and Organizations From Cyber Attacks

During October Cyber Security Awareness Month, we brought attention to best practices in cyber security today, some of the more prominent cyber attacks during the past year, and the current state of cyber security regulations worldwide.

We chose to close this special series of articles with a look into the cyber security of defence organizations

18 Nov 2021
How ATS Delivers Top-Notch OT Cyber Security for Critical Infrastructures
How ATS Delivers Top-Notch OT Cyber Security for your Critical Infrastructures

ATS is a unit that combines creative technology, products, and services in a balanced synergy that seeks to enrich any organization or company striving for top-notch performance and efficiency in today’s modern age.

We deliver the entire telecom and OT cyber security solutions required for any firm to stay ahead of the industry and the changing times.

23 Dec 2021
Coffee Break Session Series 2 : ATS eBook on Operational Technology (OT)
Coffee Break Session Series 2: ATS eBook on Operational Technology (OT)

ATS’s first webinar in partnership with CISCO at the ATS Coffee Break Session was a huge success. Inspired by its first webinar, ATS is delighted to share the upcoming 2nd webinar, where the topic of discussion would be the ATS Operational Technology Ebook.

Operational Technology (OT) cybersecurity is the main topic of ATS’s new eBook, “ATS Operational Technology (OT) Cyber Security eBook”,

20 Jan 2022
Cyber Security Standards in the Middle East Region
Cyber Security Standards in the Middle East Region

With the massive increase of cyber crimes in the OT space, the cabinets of UAE and other selected countries in the Middle East region (Bahrain, Saudi Arabia, Qatar among others) are concerned about securing the cyber infrastructure and protecting the data from cyber criminals.

Middle East governments are acutely aware of the new threat landscape of digitization.

10 Feb 2022
How to Defend from Attackers In The OT Space
How to Defend from Attackers In The OT Space

Over the last decade, cyber-attacks on Operational Technology have increased in frequency and scale. Cyber attackers and online criminal squads have used cyberterrorism to disrupt corporations and critical infrastructure globally. Today, they are becoming even more fierce and are utilizing their resources to target Operations Technology (OT) and Industrial Control System (ICS) networks to harm humans.

17 Feb 2022
3 Benefits of a Security Fabric
Why OT Cyber Security is Critical: 3 Benefits of a Security Fabric

Operational Technology (OT) is hardware and software that detects or causes changes by directly monitoring and controlling industrial equipments, assets, processes, and events. It incorporates a comprehensive range of programmable systems or devices interacting with the physical environment.

19 Dec 2021
OT Cyber Security Threats to Watch Out in 2022
OT Cyber Security Threats to Watch Out in 2022

Operational technology (OT) systems, such as industrial control systems and SCADA, were overlooked by cyberpunks in the past. Robbing OT system data was challenging as it was not connected to external networks.

But that’s no longer the point.

24 Feb 2022
Cybersecurity Awareness Month - 5 Tips
Cybersecurity Awareness Month | 5 Tips On How To #BeCyberSmart

It’s been 18 years since the first National Cybersecurity Awareness Month (NCSAM), a campaign that was initially launched by the U.S. Department of Homeland Security and the National Cyber Security Alliance in order to empower both consumers and corporations in defending against cyber threats.

07 Oct 2021
ATS_art11_cover
CYBERCRIME EVOLUTION: 5 RANSOMWARE GANGS TO WATCH OUT IN 2021

2020 has proven to be a challenging year for cybersecurity.

While the world was in turmoil, cybercrime was on the rise – with hacker groups particularly targeting companies in insecure transitions to digital operations.

BlackFog’s recent investigation into the state of ransomware revealed shocking statistics – with the most-targeted industry being government sectors worldwide, closely followed by the education sector and the service industry.

05 Aug 2021
ATS + FORTINET partnership
ATS Achieves Fortinet’s Operational Technology Partner Specialization

ATS, one of the most trusted ICS / OT technology solution providers in the Middle East region, today announced that it has achieved Operational Technology (OT) Specialization as part of the Fortinet Engage Partner Program.

11 Nov 2021
Cyber security lessons from oldsmar water plant hack
CYBERSECURITY LESSONS: WHAT WE LEARNED FROM THE OLDSMAR WATER PLANT HACK

Cyber attacks on small municipal systems and infrastructures have been increasing in the past year, and this is a serious concern as it involves the lives of the people that these public systems serve. Earlier this year, cyber attackers accessed a water treatment plant in Oldsmar, Florida and warnings were out of sight.

27 Sep 2021
Choosing an OT Cyber Security Vendor: What to Look For
Choosing an OT Cyber Security Vendor: What to Look For

ATS is pleased to share that our webinar in partnership with Cisco at our ATS Coffee Break Sessions Series was a huge success. The plan of the webinar included the essential need for operational technology cybersecurity.

ICS/OT cybersecurity is the central topic of CISCO’s new eBook, “OT Cyber Security.”

12 Dec 2021
Top 10 OT Cyber Security Actions to Protect Critical Infrastructures from a Cyber Pandemic
Top 10 OT Cyber Security Actions to Protect Critical Infrastructures from a Cyber Pandemic

Critical infrastructure is described both physically and digitally as the root systems, assets, and strategic networks that are so critical to a country that their collapse could weaken physical safety, continuity of the economy, interruption, or national public health system.

27 Jan 2022
ATS_art3_cover
THE PRESSURE IS RISING: THE RECENT CYBER-ATTACK ON COLONIAL PIPELINE

When listing the most dangerous industrial technology malware, a recent article by Stormshield ended on an ominous note. After shortly discussing the impacts of Shamoon, Industroyer, Triton and Stuxnet on world industry and economy, the last – and most threatening – malware on their 5-point list was left unnamed and unidentified.

24 Jun 2021
ATS_art13_cover
5 BEST PRACTICES TO SECURE ICS AND OT DATABASE SYSTEMS AND ENVIRONMENT

It is vital to put in place a security plan to protect your company’s Industrial Control Systems (ICS) and Operational Technology (OT) database systems and prevent ransomware attacks that has been increasing in occurences in the past 2 years.

A study done in 2014 by ARC called “The Future of Industrial Cyber Security”, highlighted the need for a developed security plan for organizations.

02 Sep 2021