Worldwide, public and private organizations are experiencing a significant uptick in cyber threats like computer viruses and data breaches. For example, in the water industry, cyber attacks can not only put utility data and facilities at risk but also expose customers’ personal information to malicious actors.
These attacks aren't theoretical; they've already happened. A phishing email scam in 2016 set a Midwest utility company back $400,000+ in recovery and cleanup costs and interrupted their communication and billing services for a week. In 2019, a western water utility found they were locked out of important technical data by hackers who requested a ransom to unlock the files. This turned out to be their second ransomware attack in two years. The utility company decided to forgo the payment and took several weeks to recover their data from backup systems. As hackers are scaling up their attacks, identifying and mitigating these types of cyber risks is mandatory for any utility or organization.
By taking advantage of automation technology, CDM Smith's new SCADA cyber automation lab can simulate network and data systems and test their resilience against cyber threats in a dynamic and isolated space.
Using these simulated systems, CDM Smith automation experts run scenarios to simulate how viruses move through a system. These scenarios demonstrate how well the system stands up against viruses and malware while also making sure it meets Risk Management Framework (RMF) and other standards. The simulations do not impact the actual system and can be performed on-site or virtually—which has been especially helpful while navigating COVID-related challenges.
"This lab allows us to simulate different types of cyber threats, develop strategies to build in security within our designs, and provide recommendations to clients to improve their cyber resiliency," explains Jim Livermore, CDM Smith's director of global information security.
Following the simulation, recommendations to implement security tools can be provided to improve a client’s supervisory control and data acquisition (SCADA) systems. Tools are tested and recommended based on vulnerabilities detected during the simulation, RMF and other mandate requirements, and current licensing/programs in place.
To the casual observer, the space may look like a standard computer lab with desks and displays, but it is stocked full of the most current state-of-the-art hardware and software to provide safe and effective simulations. Some of the features include:
- Isolated high-speed internet connection—A separate internet connection helps automation experts safely run hack simulations.
- IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)—IDSs and IPSs monitor network activity for malicious threats from outside or inside the organization.
- Dell PowerEdge Server—This high-performance server allows automation experts to run processes and access the lab from across the globe.
- Network Attached Storage (NAS)—Having NAS allows for multiple users to securely store and retrieve data.
- Palo Alto firewall—Firewalls are security systems that serve as a barrier between trusted and untrusted networks. Palo Alto is a leading cybersecurity company with next-generation products.
- Microsoft security tools—Microsoft is widely used across the industry. Having these tools accessible makes for accurate testing and realistic recommendations.
Having a dedicated cyber automation lab allows us to adapt to changing virtual environments. With this space, we can test and train against threats to our clients' SCADA systems.
In addition to supporting cybersecurity projects, the SCADA cyber automation lab enables our team to train both clients and our staff on cybersecurity and automation-related activities. The lab is also accessible to all of our automation staff across the globe as needed.