Hacked fuel tank gauges can lead to dangerous situations: In another incident reported by the Canadian Centre for Cyber Security, attackers accessed an internet-exposed automated tank gauge (ATG) belonging to a Canadian oil and gas company and manipulated its values, triggering false alarms.ATGs are used to monitor fuel level, pressure, and temperature inside fuel tanks. They are also designed to detect potential leaks and trigger countermeasures, and are deployed at gas stations, power plants, airports, and even military bases. Last year, researchers disclosed critical and high-severity vulnerabilities in six ATG models from five manufacturers and noted that more than 6,000 ATGs were directly exposed to the internet without authentication at that time.
Food supply can also be impacted: A third incident noted by the Canadian government agency involved equipment controlling temperature and humidity levels in a grain-drying silo belonging to a Canadian farm. The manipulation of these levels could have resulted in potentially unsafe conditions if they hadn’t been caught in time.These incidents highlight the variety of organizations, industries, and installations that could be impacted by opportunistic hackers, sometimes with serious potential consequences for human safety and health. The increase in hacktivist activity against ICS also prompted the US Cybersecurity and Infrastructure Security Agency (CISA), along with other government agencies, to issue an alert to operational technology (OT) asset owners last year.Organizations have a legitimate need to remotely manage and monitor their industrial control systems. However, this should be done through secure and tested protocols such as VPNs with multi-factor authentication, rather than exposing control interfaces directly to the internet. This applies to programmable logic controllers (PLCs), remote terminal units (RTUs), supervisory control and data acquisition (SCADA) systems, human-machine interfaces (HMIs), safety instrumented systems (SIS), building management systems (BMS), and industrial internet of things (IIoT) devices.”Provincial and territorial governments are encouraged to coordinate with municipalities and organizations within their jurisdictions to ensure all services are properly inventoried, documented, and protected,” the Canadian Centre for Cyber Security said in its alert. “This is especially true for sectors where regulatory oversight does not cover cybersecurity, such as water, food, or manufacturing.”The agency’s alert contains links to multiple documents with both general and ICS-specific security guidance.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4082752/hacktivists-increasingly-target-industrial-control-systems-canada-cyber-centre-warns.html
