Stronger together: working towards a green holiday season with Indegy and NU Africa

What would you rather experience this December: a ‘black festive season’, with issues and uncertainty around energy, water and other critical infrastructure, or ‘Green-for-Go’ holidays, with running water, operational communications and all the lights on?

The answer is pretty obvious, says Stefan van de Giessen, general manager: cybersecurity at value-added distributor Networks Unlimited Africa: “South Africans have been on quite an emotional roller-coaster in the past couple of years. Around the country, people have been subjected to power and water cuts and shortages, with all the related effects. For example, we have all come to realise that when the power goes out, it has potential consequential effects on optimal water supplies (1) and communications infrastructure as well (2); for example, the landline telephone systems of business organisations go down during a power outage, which in turn can overload mobile networks, as individuals turn to their mobile phones. 

"It is disheartening to think that we could have a ‘black’ holiday period if critical infrastructure issues continue to loom through the end of the year and beyond.

“On the other hand, we are known to be a resilient nation, and never more so than as represented in the recent Springbok win in the 2019 Rugby World Cup final. The South African team arguably went into the final somewhat as underdogs, but showed their opponents a truly united front and lived up to the slogan #StrongerTogether, which had been the battle cry throughout the World Cup tournament (3).

"From a business perspective, in addition to the collective joy of the nation, there are lessons that can be learned and applied.”

Van de Giessen explains that as industrial and critical infrastructure companies globally embrace the importance of being connected to the Industrial Internet of Things (IIOT), cybersecurity experts caution that companies need to protect their industrial plants from being hacked. To this end, Networks Unlimited Africa has recently partnered with Indegy, a leader in industrial cybersecurity that protects industrial control system networks from cyber threats, malicious insiders and human error.

“Indegy as a company was born from a unique combination of its founders’ talents and experience in the engineering, IT and military arenas (4),” clarifies Van de Giessen, “making it a perfect example of the ethos of being ‘stronger together’. The company was founded with a mission to bring visibility and control to critical infrastructure and industrial control systems (ICS) networks, following on from a surge in the number of hacking attempts targeting critical ICS. This, in turn, was a result of the fact that many industrial operations are running on old control systems and are very vulnerable to today’s cybercriminals, having been built before the cyber threat existed.

“These older industrial control systems were designed for operational reliability and safety, but they lack the visibility and control parameters that come with today’s newer technology. In the past decade or so, the rapid introduction of IT convergence across production and supply lines, and the way in which operational technology (OT) is automating the modern world, have together opened up new vulnerabilities for industrial infrastructure. Indegy undertakes to protect ICS from external cyber threats, malicious insiders and human error.”

Examples of these critical infrastructure vulnerabilities include the following incidents:

• In 2013, Iranian hackers breached the Bowman Avenue Dam in New York and gained control of the floodgates. While no significant damage was done, this attack was regarded as being a warning of future possibilities (5).
• In December 2015, hackers cut off the lights to 225 000 people in Ukraine, and a year later, the country’s capital, Kiev, experienced another attack, which this time cut the power in its entirety to hundreds of thousands of residents (6).
• In March 2019, an American renewable energy company was attacked by hackers and even though no significant damage was done, security experts said the attack was a wake-up call for the energy industry in that country (7).
• The Nuclear Power Corporation of India Limited recently confirmed a cyber attack on its nuclear power plant in Tamil Nadu, India, in September 2019 (8).
• In SA, the City of Johannesburg’s network was breached twice: by hackers in October, demanding a ransom to be paid in Bitcoin, and three months before that by a virus, which encrypted the City’s database and meant that consumers were briefly unable to access the Web site or buy power units (9).

“There are many more examples,” says Van de Giessen, “and, in fact, a recent report by the Ponemon Institute, which specialises in cybersecurity and privacy issues, released earlier this year, showed that critical infrastructure had been significantly breached over a two-year period (10) in the United Kingdom, the United States, Germany, Australia, Mexico and Japan. Over 700 security professionals answered the survey anonymously, and among other findings, the report showed that over half the attacks had resulted in down-time of critical systems.

“This is an astonishing, although not unsurprising, revelation. Here in SA, we believe it is imperative for state-owned entities to understand the importance of protecting themselves against external threat possibilities as well as internal human errors that result in downtime and worse. When we are dealing with critical infrastructure, we need to remember that in addition to the enormous costs of repair and replacement, loss of income and potential reputational and environmental damage, human lives can also be at risk.

“It is therefore far better to protect our critical infrastructure and strengthen operational efficiencies by factoring in desirable habits around maintenance and repairs, according to the requisite schedules. In this way, by working together, we can plan a ‘green’ rather than ‘black’ end to the year and into the future,” he concludes.

To read more on the Indegy solution, please click here:

1. https://businesstech.co.za/news/government/305938/load-shedding-to-hit-johannesburgs-water-supply/
2. https://www.afrihost.com/site/newsroom/view/how_load_shedding_may_affect_your_vumatel_connection
3. https://www.springboks.rugby/en/articles/2019/07/11/Stronger-Together\
4. https://www.indegy.com/company/
5. https://time.com/4270728/iran-cyber-attack-dam-fbi/
6. https://www.reuters.com/article/us-ukraine-cyber-attack-energy/ukraines-power-outage-was-a-cyber-attack-ukrenergo-idUSKBN1521BA
7. https://www.utilitydive.com/news/first-cyber-attack-on-solar-wind-assets-revealed-widespread-grid-weaknesse/566505/
8. https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/
9. https://ewn.co.za/2019/10/25/city-of-joburg-website-hacked-hackers-demand-over-r400k
10. https://www.bbc.com/news/technology-47812479