RANSOMWARE: WATER TREATMENT PLANTS COULD BE AT RISK
By Cori Marshall
WannaCry ransomware has been making headlines since late last week. The campaign has literally hijacked machines and data all over the world, holding computer systems for ransom. What is it, what can it do, and, importantly, what effect can it have on water treatment?
Dan Scali, ICS Spokesperson at FireEye, said "WannaCry (aka WCry or WanaCryptor) malware is highly-prolific, self-propagating ransomware that spreads through internal networks and over the public internet by exploiting a vulnerability in Microsoft Server Message Block (SMB) protocol." Scali added that "the malware appends encrypted data files with the .WCRY extension, drops and executes a decryptor tool, and demands $300 or $600 USD (via Bitcoin) to decrypt the data."
We spoke with Mihir Kapadia, Vice President of Engineering at N-dimension Solutions, for more insight. He said that the SMB protocol vulnerability "was known to vendors, Microsoft had released a patch addressing the issue in March." Microsoft also released the patch for past editions of Windows.
Scali said that FireEye "has been unable to corroborate information," from reports that suggested that the ransomware had been spread through links in spam messages.
Kapadia added that "there is no definitive answer, yet, as to how WannaCry actually enters a system."
Computer systems are indispensable tools everywhere, even in water treatment plants. Could ransomware infect the computer systems of treatment plants and, once they are infected, what could the attackers manipulate the system to do?
Scali said that "many industrial automation systems, including those used in the water and chemical industry, use Microsoft Windows-based PCs that are vulnerable to the exploit used to propagate WannaCry."
Dan McMillan, Senior Operator at the Dawson Creek Water Treatment Plant, confirmed that the plant's systems operated on a Windows-based platform. McMillan added that "the plant's terminal computers which are used to log into the data are connected to the public internet," but the "main [supervisory control and data acquisition system (SCADA)] has no access to the internet and is stand alone," meaning it has no direct connection to the web.
Scali explained that automated networks are usually protected "from other untrusted networks such as the IT network or the internet." This doesn't happen everywhere, and the system can be misconfigured. Scali said that "If industrial automation systems are left unpatched and exposed to SMB communications from untrusted networks, such as the IT network or the Internet, they are at risk of being compromised."
Should industrial control systems, like those in water treatment plants, become infected, "the machine may not be able to do its function on the industrial network," according to Kapadia. He added that "if the core applications of the system become encrypted, it could have a widespread impact on your water network."
Both Scali and Kapadia recommend the MS17-010 patch to protect against WannaCry.
Modern water treatment depends on computers in many areas to automate processes. With the ease of remote access to system data over the internet, how safe are these processes, and how safe is your water? The information age has created a virtual threat to the safety of drinking water. It would appear that the best way for treatment plants to ensure the delivery of safe water is to have multiple levels of cyber protection.