Cybercrime is by no means new. But now, attackers are getting even more sophisticated – targeting operational technology (OT) infrastructure. From tampering with production lines to meddling with water treatment plans, these attacks can have grave consequences.

Here’s what you need to know to keep your council, staff and community safe.

Cybercrime has expanded into new territory

Until now, cybercrime has predominantly encompassed social engineering and ransomware attacks.

These incidents are essentially privacy breaches, where hackers acquire internal data – such as records, employee information or business secrets. Although they’re messy and costly to remedy, the path of destruction ends at the organisation’s front door.

But now?

Cybercrime is going a lot further. And the stakes are much higher. Hackers are using software that’s not just designed to steal data, but rather, to infect entire operational systems.

These sophisticated attacks on infrastructure can have significant safety, social and economic consequences – that extend beyond a business, and into the community.

What do these attacks look like?

We can see the devastation these attacks pose by looking at some recent examples.

In June 2020, a cybercrime was performed against Israel’s water supply with attackers attempting to increase chlorine levels and poison residents.

Although the attack was unsuccessful, it had the potential to shut down the pump and leave thousands without safe water during a heatwave.

Around the same time, global auto manufacturing giant, Honda, had to close its doors for a day – due to a virus infiltrating its computer networks. Hackers affected its inspection system, a vital tool used to safety-check cars. Production factories in India, Brazil, Turkey, Japan and the US were all impacted.

Systems most at risk

The types of systems at risk from hacking are diverse.

Essentially, the most vulnerable systems are those where malfunction would create disturbing consequences – such as physical harm, a horrific fire, or environmental destruction. These include:

  • Fire safety equipment
  • Security systems
  • Transportation systems
  • Scientific equipment
  • Remote monitoring
  • Lighting controls and energy monitoring
  • Equipment sensors

The potential for destruction is frightening to imagine.

Why is operational technology (OT) so vulnerable?

A lot of OT has been around for over 20 years. This means it simply wasn’t built with the security functionality needed to ward off today’s cyberthreats.

These types of older technologies also require older hardware and software to support it, which are not typically supported by vendors.

Additionally, OT systems have been unintentionally impaired from corporate networks increasing connectivity. As personal PCs now join an organisation’s IT environment and help manage OT systems, they’ve become a major vulnerability for cyberattacks.

With the increase of remote working and employees using private laptops, the likelihood of such systems being attacked is even greater.

What can your council do to protect itself?

Luckily, we haven’t seen these attacks in local councils in Australia yet. However, with the escalation of such crimes internationally, we need to be weary – and on alert.

Here are the best practices to reduce attacks and protect your council:

  • Implement secure remote access methods
  • Use network segmentation and apply firewalls between critical networks and systems
  • Ensure your organisation and its vendors have clear responsibilities for addressing cybersecurity risk through the OT lifecycle
  • Keep an inventory of operational systems and remove exposure of these systems to external networks
  • Use strong passwords and multi-factor authentication or privileged access management solutions
  • Implement threat intelligence feeds from your OT vendors to stay on top of new risks
  • Enforce strict policies on mobile devices connecting to OT systems or network zones
  • Establish an employee cybersecurity training program
  • Develop a Business Continuity Plan to prepare for a significant disruption

To learn more about these sophisticated attacks and what your council can do, speak to your Statewide Mutual Risk Manager. Or call us on (02) 9320 2726.

© Copyright 2020 JLT Risk Solutions Pty Ltd – ABN 69 009 098 864 AFS Licence No: 226827