Our energy and water infrastructure holds up the world we know, but very few understand how delicate it can be. There is a constant demand to monitor and protect this infrastructure, whose components often have been running nonstop for decades, with few understanding how they work. This hole in the safety net that protects these systems must be repaired.
In the United States and Canada, the electric grid is divided into a few major and a handful of minor interconnects. These grids use synchrophasors to monitor real-time information from various points to help keep the grid stable. These smaller devices, along with the far more visible stations that distribute the power, are critical and must be protected. If a unit started to report invalid data, it could trigger changes to grid operation, potentially resulting in power being directed to areas that cannot handle it and away from areas that need it.
Many components of the grid are networked and remotely monitored, often with devices in which security takes a back seat to operations. Even if the devices are not secure on their own, they can be made reasonably secure with additional protections or mitigations. For example, a site-to-site VPN or TLS gateway can keep a human-machine interface (HMI) from being exposed over an unsecured network. This is true even if that HMI is not capable of running the necessary security controls. An architecture review can find points of insertion for beneficial controls without disrupting the operation of legacy devices that keep the lights on.
Our water supply is often taken as a given in North America. We have a fairly reliable system and safe water in most areas. However, it is not immune to the issues pervasive in system security. Even among those aware of the need to keep the water pumping, many are oblivious to the treatment applied to wastewater flowing back into our water supply.
Treatment facilities have complex industrial controls, using a combination of mechanical filters, reverse osmosis, centrifuges, and monitors to ensure that waste is disposed of and the water leaving the facility is clean. However, these systems often lie ignored on facility floors, running with default passwords or exposed interfaces. The same mitigations as for the electric grid can be put into place in the water supply system, but again, there’s a bigger issue to address.
Our infrastructure can be patched and stood up in place with effort. However, a more meaningful solution would be to start building security into these industrial controls and processes from the beginning. Currently, if a PLC receives a command over a protocol such as Modbus, it will generally honor it without regard for where it may have come from. This makes sense on edge devices like analog inputs to sensors—if you’re local to the sensor, it’s already game over—but many of these PLCs now communicate over some form of IP or via a networked gateway, where the source of a command is no longer physically constrained.
HMIs, through which operators control the process, have implemented some security measures or can be run on machines hosting such protections. However, we must extend protection past HMIs and start putting security into lower levels, such as PLCs.
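Until PLCs themselves check where a command comes from, that check has to sit at one of the insertion points mentioned above (a gateway or a monitoring tap). The following is an added example, not code from the original article, of what such a control looks like in practice: it parses Modbus/TCP frames, distinguishes read from write function codes, and flags writes from any host outside an allowlist of engineering workstations. The host addresses, the allowlist, and the sample frames are all constructed for this example.

```python
import struct
from typing import Optional

# Modbus function codes that change PLC state (writes), from the public spec.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   23: "Read/Write Multiple Registers"}
# Assumed allowlist of hosts permitted to issue writes (hypothetical address).
ALLOWED_WRITERS = {"10.0.5.10"}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header plus the function code; reject malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(frame) - 6:   # length field counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def check_frame(src_ip: str, frame: bytes) -> Optional[str]:
    """Return an alert for a malformed frame or a write from an unapproved host."""
    try:
        pdu = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"ALERT src={src_ip} malformed frame: {exc}"
    fc = pdu["function"]
    if fc in WRITE_FUNCTIONS and src_ip not in ALLOWED_WRITERS:
        return (f"ALERT src={src_ip} unit={pdu['unit']} fc={fc} "
                f"({WRITE_FUNCTIONS[fc]}) from host outside allowlist")
    return None

def audit(traffic) -> list:
    """Run every (source ip, frame) pair through check_frame and collect alerts."""
    return [a for src, frame in traffic if (a := check_frame(src, frame))]

# Constructed sample traffic: hex frames written by hand for this example.
SAMPLE_TRAFFIC = [
    ("10.0.5.10", bytes.fromhex("00010000000601030000000a")),  # read 10 registers
    ("10.0.9.99", bytes.fromhex("000200000006010600101234")),  # write register 0x10
    ("10.0.5.10", bytes.fromhex("00030000000601050001ff00")),  # coil write, allowed host
    ("10.0.9.99", bytes.fromhex("00040000000b0110000000020400010002")),  # multi-write
    ("10.0.9.99", bytes.fromhex("00050000000901030000000a")),  # bad MBAP length field
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_TRAFFIC):
        print(alert)
```

Fed the constructed traffic, the audit raises three alerts: two writes from the unapproved host and one malformed frame, while the reads and the allowed workstation's write pass silently.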