A series of reports here at TI Safe News has the mission of showing the real dangers and losses that cyber crime can cause in the sector of utilities such as electricity, water, gas, information technology and communications (ICT).
In the last edition, having as a hook the electrical shortage in Amapá at the end of last year, we talked with industry analysts about the risks of an attack hacker in a complex structure such as the case of the National Interconnected System (SIN), which involves several companies operating in synergy in the generation, transmission and distribution of electricity in Brazil.
This time, we are going to envision what can happen if a sanitation company is hit by a cyber invasion. According to Marcelo Branquinho, CEO of TI Safe, it is not difficult to deduce how the shortage of water impacts people's lives and the functioning of society as a whole. However, the scenario could be even more drastic if the attack causes water poisoning on a large scale.
It may even look like a fictional film script, however, it is a real possibility. So much so that recently, a cyber criminal tried to contaminate the water treatment plant of an entire city in the Florida region of the United States.
The attacker was able to access the computers of the local supply concessionaire, the Oldsmar's Water Treatment Plant, and tried to increase the amount of sodium hydroxide in the water - the substance, better known as caustic soda, is used to balance the pH and becomes corrosive if used in high quantities.
But what about Brazil? Are we free from this type of crime? In the evaluation of Benedito Tourinho, manager of the Electromechanical Maintenance Engineering Department at Empresa Baiana de Águas e Saneamento (EMBASA), in companies that have a high level of automation of their water supply processes, they are more recurrent. Tourinho explains that companies in Brazil are in an intermediate situation where, despite having a certain degree of automation, the control and supervision systems are still predominantly operated by men and not by machines. “Historically, we do not have official records of attacks on water systems. However, the world is increasingly globalized and what happened in Oldsmar, Florida, is indicative of concern ”, he evaluates.
For the executive, Brazilian concessionaires present other great vulnerabilities precisely because of the absence of automated controls, but they have already begun to see this type of risk. However, they are still far from the investment ideal to protect themselves adequately. “Cybersecurity grows, especially, in the strategic planning of sanitation organizations. In the case of companies that use heavy data processing it is certainly a central theme. However, this care is still incipient in the management of industrial water supply and sewage plants ”, reveals Tourinho.
In order to guarantee the minimum safety requirements, in addition to contracting monitoring, the EMBASA manager indicates the isolation of the automation network when possible, installation of process alerts and training of the operator team to identify trends in failures.
To learn more about how to protect your automation networks from cyber intrusions visit.