Plena Solutions Ltd. Newsletter
November 2024
Highlights of this edition:
· In today's connected world there is a deep connection between digital and physical security, especially for critical infrastructure such as energy and transportation.
· Energy and transportation systems face growing threats from attacks that combine both cyber and physical elements.
· This newsletter explores how cybersecurity and physical protection work together to defend critical infrastructure.
Content of this Newsletter:
o Top Cyber risks to physical critical infrastructure.
o Recent examples of physical attacks on critical infrastructure involving cyber elements.
o Key cyber protections that every critical infrastructure site should implement.
We are pleased to share the November 2024 edition of our newsletter, designed to provide business and cybersecurity leaders in the Eastern and Southern African region with insights on cybersecurity and risk-related topics. Our goal is to help our community of leaders protect and maintain the integrity of their organizations.
Plena Solutions Ltd. is a cybersecurity solutions provider, with a primary focus on addressing the needs and challenges of organizations from the private and public sectors in Eastern and Southern Africa. With offices in Kenya and Israel and activity across Eastern and Southern Africa, we combine deep local insight, experience and expertise with leading global cybersecurity technologies and solutions. We serve as our clients' trusted advisor and implementation partner on risk and cybersecurity topics, helping them stay safe and ahead of any cyber threat.
A. Cyber Threats are Major Threats to Physical Infrastructure
The merging of cyber and physical systems in critical infrastructure has created new types of threats. Hackers and state-backed groups can now do more than just steal data or disrupt online services. They can manipulate control systems to cause physical damage or gain unauthorized access to secure areas.
Top threats include:
1. Vulnerability of Operational Technology (OT) Systems
OT systems are increasingly interconnected with IT networks, which expands their attack surface. The major physical components of any critical infrastructure site (pumps, valves, switchgear, signalling) are run by OT systems, so a cyberattack that reaches them can disrupt physical operations such as water supply, energy distribution or transport logistics.
2. Ransomware Attacks
Ransomware can hit critical infrastructure and cause physical shutdowns, as several recent incidents (a few of them described below) show. The systems that get encrypted are often ordinary IT systems such as terminal management or scheduling software, but the physical operations that depend on them stop, either because they cannot run without those systems or because the operator shuts them down as a precaution, and the attackers then demand payment to restore operations.
3. Insider Threats
Dissatisfied employees or contractors with physical access to facilities can combine physical sabotage with cyber techniques, such as disabling alarms, security cameras, or breaching firewalls, to facilitate unauthorized access or damage to infrastructure.
4. Supply Chain Attacks
Attackers can target suppliers or contractors providing services to critical infrastructure. Compromised hardware, software, or remote access tools used by third parties could be leveraged to disrupt physical operations.
5. Remote Access Exploitation
With the increasing use of remote management tools for IT and OT systems, attackers can exploit poorly secured remote access points to take control of physical processes from afar, as in the Oldsmar water treatment plant attack mentioned below.
6. DDoS (Distributed Denial of Service) Attacks on Physical Systems
By flooding network links or servers with traffic, attackers can make monitoring and control services unavailable. Physical systems that depend on those services, such as remotely operated grid equipment, centrally coordinated traffic signals or networked access-control and security systems, can then fail or lose supervision.
7. Manipulation of Safety Systems
Targeting safety mechanisms in physical systems (such as fire suppression, emergency shut-offs, or gas sensors) can lead to dangerous physical conditions or prevent appropriate responses in emergencies.
All of the risks above highlight how tightly cybersecurity and physical protection are bound together in any defense plan for critical infrastructure.
B. Recent Cyber-Enabled Physical Attacks on Critical Infrastructure
· The threat of cyber-enabled physical intrusions is real, and critical infrastructure operators worldwide are dealing with it. Here are three recent incidents that show how severe and sophisticated these attacks can be:
1. Ransomware attack on the Port of Nagoya, Japan (2023)
· In July 2023 the Port of Nagoya, Japan's largest port by cargo volume, handling around two million containers and 165 million tonnes of cargo a year, including Toyota Motor Corporation's vehicle exports, was hit by a ransomware attack attributed to the LockBit 3.0 group.
· The attack hit the Nagoya United Terminal System (NUTS), the software that runs the port's five cargo terminals. It was discovered when a ransom note printed on an office printer at the Nagoya Harbor Transportation Authority, by which time LockBit had already taken the system down.
· How the attackers got in was not disclosed. The physical impact, however, was immediate and severe: all container loading and unloading was suspended and trailers queued outside the terminals. The port resumed partial operations two days later; Nagoya handles approximately 10% of Japan's overall trade, so even that short stoppage had national impact.
2. Attack on Australian port operator (November 2023)
· In November 2023 DP World Australia, one of the country's largest port operators, suffered a cyberattack on the IT and operational systems that manage its container terminals in Melbourne, Sydney, Brisbane and Fremantle (Perth).
· After detecting the unauthorized access to its network, DP World disconnected its Australian operations from the internet to contain the intrusion. That containment step, not the intrusion alone, took the systems that coordinate cargo movement offline, and port operations halted for three days.
· During that time about 30,000 containers sat at the terminals and trucks could not move goods in or out. DP World handles around 40% of the goods moving through Australia's ports, so the stoppage hit national freight movement hard. Systems were restored gradually, with some disruption persisting through the recovery phase.
3. Attack on Water Treatment Facility in Oldsmar, Florida,USA (2021)
· In February 2021 a water treatment plant in Oldsmar, Florida, suffered a cyber-physical attack in which an intruder remotely accessed the plant's control systems through TeamViewer, a remote-access tool the plant used for screen sharing and remote IT support. Reportedly, the plant's computers all shared a single TeamViewer password and ran the unsupported Windows 7. Using the control interface exactly as an operator would, the intruder raised the sodium hydroxide (lye) setpoint from about 100 parts per million to 11,100, a level dangerous to public health. The plant's operational technology (OT) was manipulated through an ordinary remote-support session, not through any exploit of the control equipment itself.
· The change was caught immediately: an operator watched the remote session take over the mouse and alter the setpoint, and reversed it before the treated water was affected. The plant also had further checks on water chemistry that would have caught the change before water reached the public. The incident nonetheless showed how short the path can be from a cyber breach to physical consequences when remote access to OT is weakly controlled.
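The Oldsmar case turns on one fact: the HMI accepted a setpoint 100 times larger than anything the process could ever need, from a remote session, without question. The following is an added example (not code from the newsletter, the plant or any vendor) of an independent setpoint guard that sits between the HMI and the controller. The tag names, engineering limits, write origins and the list of sample writes are all constructed for illustration; only the 100 ppm to 11,100 ppm sodium hydroxide figures are the publicly reported values.

```python
"""Independent setpoint guard for an HMI write path (added example).

Assumes a constructed stream of setpoint writes in the form
(tag, proposed_value, origin) and hypothetical engineering limits per tag.
The guard is deliberately independent of the HMI: it does not trust that
whoever is driving the screen is allowed to change a chemical dose.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Limit:
    low: float       # lowest value the process can legitimately use
    high: float      # highest value the process can legitimately use
    max_step: float  # largest change allowed in a single write


# Hypothetical engineering limits; a real plant takes these from its process design.
LIMITS = {
    "NaOH_ppm": Limit(low=50.0, high=200.0, max_step=25.0),
    "Cl2_ppm": Limit(low=0.5, high=4.0, max_step=0.5),
}

# Origins allowed to write setpoints at all. Remote-support sessions
# (e.g. a "teamviewer" origin) are view-only by design.
WRITE_ALLOWED = {"local_hmi", "engineering_ws"}


def check_write(tag, current, proposed, origin):
    """Return (allowed, reason) for one setpoint write.

    Rejects unknown tags, writes from non-approved origins, values outside
    the engineering range, and single writes that jump too far at once.
    """
    lim = LIMITS.get(tag)
    if lim is None:
        return False, f"{tag}: no engineering limits defined, write refused"
    if origin not in WRITE_ALLOWED:
        return False, f"{tag}: write from {origin!r} not permitted"
    if not (lim.low <= proposed <= lim.high):
        return False, f"{tag}: {proposed} outside [{lim.low}, {lim.high}]"
    if abs(proposed - current) > lim.max_step:
        return False, f"{tag}: step {proposed - current:+} exceeds {lim.max_step}"
    return True, "ok"


def process(writes):
    """Apply writes in order. Returns ([(tag, proposed, allowed, reason)], final_setpoints)."""
    state = {"NaOH_ppm": 100.0, "Cl2_ppm": 2.0}  # constructed starting setpoints
    results = []
    for tag, proposed, origin in writes:
        allowed, reason = check_write(tag, state.get(tag), proposed, origin)
        if allowed:
            state[tag] = proposed
        results.append((tag, proposed, allowed, reason))
    return results, state


# Constructed writes: a routine adjustment, then the Oldsmar-style jump
# attempted first from a remote-support session and then from an approved station.
SAMPLE_WRITES = [
    ("NaOH_ppm", 110.0, "local_hmi"),        # normal tweak: allowed
    ("NaOH_ppm", 11100.0, "teamviewer"),     # remote session: refused on origin alone
    ("NaOH_ppm", 11100.0, "engineering_ws"), # approved origin: still refused, out of range
    ("Cl2_ppm", 2.3, "engineering_ws"),      # small in-range change: allowed
]

if __name__ == "__main__":
    results, final = process(SAMPLE_WRITES)
    for tag, proposed, allowed, reason in results:
        print("ALLOW " if allowed else "REJECT", tag, proposed, "-", reason)
    print("final setpoints:", final)
```

The important design choice is that the range and step checks do not depend on the origin check: even a legitimate engineering workstation that has been taken over cannot push a value the process can never need, and every rejection produces a reason string that belongs in the SIEM, since a burst of rejected writes is itself the alert.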
D. Essential Cybersecurity Solutions and Best Practices for Critical Infrastructure:
To defend against the evolving threat of cyber-enabled physical intrusions, critical infrastructure sites must implement a multi-layered security approach that bridges the gap between digital and physical protection. Here are key solutions and best practices that every critical infrastructure site should consider:
Keep IT and OT networks separate so that a compromise of the office network cannot spread into control systems; where a connection between them is unavoidable, route it through a single, tightly controlled and monitored choke point, and consider disconnecting the most critical systems from the internet entirely.
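Separation is only as good as the ability to verify it. As an added example (not from the newsletter and not any vendor's product), the script below encodes the rule above as an explicit conduit allowlist and audits connection records against it: no direct IT-to-OT traffic, OT hosts may only push data to a historian in a DMZ, and OT hosts never reach the internet. The zone addressing, the jump host and historian addresses, the rule list and the flow records are all constructed for illustration.

```python
"""Audit connection records against an IT/OT boundary policy (added example).

Everything here is constructed: the zone ranges, the hosts, the allowlist
and the flow records. In production the allowlist is the firewall policy at
the IT/OT boundary; this script is the check that flow or firewall logs
actually match it.
"""
import ipaddress

# Hypothetical zone addressing; anything outside these ranges counts as internet.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),   # office network
    "dmz": ipaddress.ip_network("10.15.0.0/24"),  # boundary zone between IT and OT
    "ot": ipaddress.ip_network("10.20.0.0/16"),   # control network (PLCs, HMIs)
}

# Allowed conduits across zone boundaries. None means "any host in that zone".
# (src_zone, src_host, dst_zone, dst_host, proto, dst_port)
RULES = [
    ("it", None, "dmz", "10.15.0.5", "tcp", 22),          # admins reach the jump host
    ("dmz", "10.15.0.5", "ot", None, "tcp", 3389),        # jump host to OT HMIs only
    ("ot", None, "dmz", "10.15.0.20", "tcp", 5432),       # OT pushes data to the historian
    ("it", None, "dmz", "10.15.0.20", "tcp", 443),        # IT reads the historian's web UI
    ("it", None, "internet", None, "tcp", 443),           # office web browsing
]


def zone_of(ip):
    """Map an address to its zone name; unknown ranges count as internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def is_allowed(src, dst, proto, dport):
    """True if the flow stays inside one zone or matches an explicit conduit rule."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return True  # intra-zone traffic is not a boundary crossing
    for rs, rh, rd, dh, rp, rport in RULES:
        if (rs == s and rd == d and rp == proto and rport == dport
                and (rh is None or rh == src) and (dh is None or dh == dst)):
            return True
    return False


def find_violations(flows):
    """Return [(flow, 'src_zone->dst_zone')] for every flow the policy does not allow."""
    out = []
    for flow in flows:
        src, dst, proto, dport = flow
        if not is_allowed(src, dst, proto, dport):
            out.append((flow, f"{zone_of(src)}->{zone_of(dst)}"))
    return out


# Constructed flow records: (src_ip, dst_ip, proto, dst_port)
SAMPLE_FLOWS = [
    ("10.10.3.4", "10.15.0.5", "tcp", 22),       # admin to jump host: allowed
    ("10.15.0.5", "10.20.1.10", "tcp", 3389),    # jump host to HMI: allowed
    ("10.10.3.4", "10.20.1.10", "tcp", 502),     # office PC straight to a PLC (Modbus): lateral movement
    ("10.20.1.10", "203.0.113.7", "tcp", 443),   # HMI calling out to the internet: beacon or remote-access tool
    ("10.20.1.10", "10.15.0.20", "tcp", 5432),   # HMI to historian: allowed
    ("10.20.1.10", "10.20.1.11", "tcp", 502),    # Modbus inside OT: not a boundary crossing
    ("10.10.3.4", "198.51.100.9", "tcp", 443),   # office browsing: allowed
]

if __name__ == "__main__":
    for flow, crossing in find_violations(SAMPLE_FLOWS):
        print("VIOLATION", crossing, flow)
```

Two of the seven constructed flows are flagged: an office workstation talking Modbus directly to a PLC, which is the lateral movement the separation is meant to prevent, and an HMI opening an outbound HTTPS connection, which is exactly how an unmanaged remote-access tool such as the one in the Oldsmar case announces itself. Run against real firewall or flow logs, the same check shows whether the segmentation that exists on paper actually exists on the wire.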
E. Summary
Cybersecurity and physical protection are closely linked when it comes to keeping critical infrastructure secure. As cyber threats increasingly target physical systems, sectors like transportation, water and energy need a combined approach to defense. By understanding the risks, learning from past incidents, and applying strong cybersecurity measures, we can strengthen infrastructure against evolving threats.
We at Plena Solutions are dedicated to helping our clients and friends address the challenge of protecting critical facilities and infrastructure from emerging threats to their cyber and physical integrity.
F. Sources and further reading:
· https://industrialcyber.co/transport/operations-at-japans-port-of-nagoya-resume-after-probable-lockbit-ransomware-attack/
· https://www.porttechnology.org/news/dp-world-australia-hit-by-cyber-attack/
· https://www.wired.com/story/oldsmar-florida-water-utility-hack/
· https://threatpost.com/florida-water-plant-hack-credentials-breach/163919/