California’s sanitation districts are county-run public agencies focused on converting waste into resources such as recycled water, energy, and recycled materials. One agency in a southern California county consists of two dozen independent special districts serving more than 5 million people. Its service areas cover over 800 square miles and encompass nearly 80 cities and unincorporated regions within the county.
A widening threat landscape
Public sector infrastructure, and the agencies tasked with managing it, are increasingly the targets of cyberattacks. Threat actors are zeroing in on water and wastewater facilities, attempting to compromise systems and exploit vulnerabilities. These actions have dangerous implications and can lead to service outages, damage, and sabotage of water treatment operations, meaning drinking water could be contaminated, leading to illness and potential loss of life.
The most notable example came just prior to the 2021 Super Bowl, when a threat actor attempted to poison the drinking water of a Tampa Bay suburb.[1] Similar attacks have occurred at other water treatment plants.
Given these threats, this county’s sanitation districts were facing ever-increasing cybersecurity risks, and they knew they needed a protection and mitigation plan to keep the residents of their districts safe.
Going above and beyond with managed detection and response
The sanitation district requested proposals from vendors who could offer robust detection and monitoring services. CAI partnered with LMNTRIX to provide a managed detection and response (MDR) solution that both met and exceeded the sanitation district’s expectations.
MDR is an outsourced service that monitors endpoints, networks, and other IT resources for security events. It combines automation with manual analysis to identify threats and provide the “eyes on glass” on behalf of the organization. Because of the sophistication and volume of threats many organizations face, improved prevention, detection, response, and prediction capabilities are all needed. The right MDR solution integrates these into an adaptive system for protection, along with the ability to respond proactively to cyber threats.
CAI provided the district with an MDR solution that met all their requirements, including:
- Continuously updated active threat intelligence
- The ability to proactively hunt and respond to threats
- The ability to contain a threat in the environment
- A dedicated incident manager to support the sanitation district
- A robust team providing regular communications to the district
- An online virtual dashboard for real-time results
- Active Directory audits and recommendations for best practices
- Firewall configuration reviews
Beyond MDR, CAI provided network penetration testing and other cybersecurity advisory services. Network penetration testing can include running scenarios that deliberately stress an IT system in order to identify potential vulnerabilities in the system and its access points. This gives cybersecurity professionals insight into how a threat actor could leverage these weak areas and vulnerabilities when crafting a sophisticated attack. The assessments not only identified critical findings but also classified them through a root cause analysis.
CAI provided the sanitation district with advisory services for protection from Log4j and actively supported its incident response planning. Through regularly scheduled meetings with sanitation district stakeholders, the CAI team helped address issues and concerns arising from threat actors across the cybersecurity landscape and assessed their potential impact on the sanitation district’s IT environment.
Increased protection for critical infrastructure
Over a six-month period (October to April), the team reviewed more than 180,000 alerts, resulting in 28 validated events that were actioned and mitigated. The accuracy of the solution eliminated instances of false positives, ensuring that no time or resources were wasted. In addition, Active Directory audits were performed to recommend best practices. The teams provided quarterly updates to management covering cybersecurity trends and the incidents reported and resolved.
CAI continues to be a trusted cybersecurity advisor to the sanitation district, providing strategic recommendations for improving its incident response and resilience against potential cyberattacks. The district has also been introduced to other CAI services and partners that can increase its cyber resiliency, helping it maintain stronger cybersecurity practices for the future.
The solution CAI delivered not only brought visibility through real-time threat detection but also significantly improved the sanitation district’s ability to strengthen its cybersecurity posture in the face of evolving threats.
1. Evans, Jack. “Someone tried to poison Oldsmar’s water supply during hack, sheriff says.” Tampa Bay Times, February 8, 2021. https://www.tampabay.com/news/pinellas/2021/02/08/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says/