
New CISA Report: Your Water Supply is Under Attack

January 4, 2024

Water systems are critical components of our infrastructure, supplying communities with the lifeblood they depend on every day. As technology advances, IT and OT networks and devices are increasingly interconnected, making critical infrastructure, like water facilities, vulnerable to cyber attacks. Recent years have seen an uptick in cyber attacks targeting critical infrastructure, with water facilities becoming prime targets for malicious actors.

Let's examine this trend further and how other organisations can protect themselves from similar attacks. 

Rye Brook, New York (2016)

A water utility in Rye Brook fell victim to ransomware, where the hackers gained remote access to information on the status and operation of the dam, including information about the water levels and temperature, and the status of the sluice gate, which is responsible for controlling water levels and flow rates. The hackers demanded payment in Bitcoin to restore control of the systems, highlighting the financial motives behind some attacks.

Oldsmar, Florida (2021)

This highly publicised incident saw a hacker attempt to manipulate the chemical levels in the water treatment system. The cyber criminal boosted the level of sodium hydroxide, a.k.a. lye, in the water supply to 100 times higher than normal, which could have been fatal. Fortunately, an alert operator detected some strange activity and notified his superiors before the water system delivered the water to civilians. This event raised concerns about the vulnerabilities of water facilities to remote cyber attacks.

Aliquippa, Pennsylvania (2023)

The cyber incident took place in November 2023 and affected a massive company that supplies water and other services to over 6,600 customers. The hackers gained control of a system associated with a booster station and exploited known vulnerabilities in Unitronics Vision products, which had previously been identified as potential targets for cyber threats. This incident is a reminder that cybersecurity for critical infrastructure has a long way to go before successfully safeguarding industrial systems.

Motivations Behind Water Facility Attacks

Understanding why these attacks occur is crucial for developing effective cybersecurity strategies. The motivations can vary, but some common factors include:

  1. Financial Gain

Ransomware attacks seek financial compensation in exchange for restoring control or preventing the release of sensitive information. These attacks can cripple operations, leading organisations to consider paying the ransom to mitigate the impact.

  2. Espionage and Cyber Warfare

Nation-states may target water infrastructure for espionage or as part of cyber warfare strategies. Disrupting essential services can be a means of exerting influence or causing economic damage.

  3. Hacktivism

Some attacks are politically motivated, driven by ideologies or grievances. Hacktivist groups may target water facilities to make a statement or draw attention to specific issues.

  4. Insider Threats

Attacks may originate from within an organisation, either through intentional malice or unintentional actions. Disgruntled employees or contractors with access to critical systems can pose a significant threat.

Enhancing OT Cybersecurity for Water Facilities

To safeguard against cyber threats, water facilities must implement a robust cybersecurity strategy. Key measures include:

  • Continuous Monitoring - Regularly monitor network activities and employ intrusion detection systems to promptly identify and respond to potential threats.
  • Employee Training - Educate personnel on cybersecurity best practices, emphasising the importance of vigilance against social engineering and phishing attacks.
  • Network Segmentation - Implement network segmentation to isolate critical systems, limiting the potential impact of a cyber attack.
  • Access Controls - Enforce strong access controls and authentication mechanisms to ensure only authorised personnel can access sensitive systems.
  • Incident Response Planning - Develop and regularly update an incident response plan to effectively manage and mitigate the impact of cybersecurity incidents.

As water infrastructure is usually in a remote location, it is important to take crucial steps to eliminate any risks that could occur due to cyber attacks. MicroSec provides a solution that can help you understand your cybersecurity posture, security levels, and cyber readiness. Learning from past incidents, understanding the motivations behind attacks, and implementing proactive security measures are critical steps in safeguarding our water systems and ensuring the well-being of communities.
