CYBER-ATTACKS ON WATER FACILITIES IN THE U.S.

Share the Post:

Cases of cyber-attacks on water facilities across the globe are starting to rise as hackers seek to control systems of wastewater treatment plants, pumping stations, and sewers.
One of such instances occurred only a few months ago when the Israeli authorities alleged that Iran was conducting a cyber-campaign targeting the country’s water and sewage facilities.
Investigations revealed that a piece of Iranian code passed through servers in the U.S. and Europe to hit Israeli’s water infrastructure. The goal wasn’t to dump anything but to alter the amount of chlorine in the water supply.
A similar incident previously occurred in the United States in 2016 when a group of amateur hackers compromised the systems of an unmanned water treatment facility and altered the levels of chlorine in the water supply meant for distribution for two months. The saving grace was that the utility company could detect the anomaly at a good time and fix it.
These incidents are a sign that we need to take water safety more seriously. However, this topic doesn’t seem to be on many people’s radar screens at the moment, and that also includes regulators and legislators, whose focus is usually on water scarcity and quality due to challenges like pollution and climate change.
Although awareness of cyber-threats is rising among water utilities, many are still not taking precautions to avoid this kind of disaster as reports reveal that an estimated 70,000 water utilities are vulnerable to attacks in the U.S. Their spending is largely focused on embracing digital connectivity to reduce costs, boost efficiencies and improve quality with very little attention paid to security.
While sensors can help monitor systems and ensure water quality, they can also be exploited by hackers for remote access into wells and water main systems because the networks are unprotected. This may invariably lead to loss of control of a system since the intruder can directly monitor it.
The water sector is a critical one for any nation, and the unavailability of proper security measures may expose more than 400 million citizens to grave consequences such as cholera, dysentery, or simply non-potable water supply.
Cybersecurity experts believe two reasons this problem persists are because of the decentralized nature of the U.S. water industry and the fact that the water sector has no regulatory requirements when it comes to cybersecurity like the electric industry. Although the WaterISAC issued some guidelines in that regard, but they are not mandatory, which explains why compliance is low among utilities.

What can be done?

It’s about time attention is paid to the water industry like it has been given to the electric grid. It may not seem like a critical situation right now but keep in mind that what triggers chaos and widespread chaos in many emergency planning exercises isn’t power outage but lack of clean water.
Government agencies working on cybersecurity in the water sector need to do more to ensure that utilities comply with the stipulated standards necessary for the protection of their networks. Also, utilities must strengthen their infrastructure so they can repel malicious attacks whenever they occur. We don’t have to wait for the wastewater systems to be compromised before we spring into action .

Related Posts

Colonial Pipeline Hack: What We Know So Far

On May 7th, Colonial Pipeline experienced a significant cyberattack that resulted in a total shutdown of its operations, leading to widespread fuel shortages. Shortly thereafter, it became evident that the incident involved ransomware, with reports indicating that the company made a payment of nearly US$5 million to the attackers, which contradicted their public statements. The cybercriminal organization, known as DarkSide, issued an atypical apology, asserting that their motive was profit rather than chaos. As Colonial Pipeline initiates the process of resuming operations, developments concerning DarkSide follow a surprising trajectory. Explore the complete narrative behind this critical cyber incident and its broader implications.

Read More

Ransomware attack halts Sierra Wireless Production Activities

Sierra Wireless, a leader in internet-of-things solutions, recently fell victim to a significant ransomware attack that brought its production activities to a standstill. The incident, which began on March 20th, not only disrupted manufacturing but also affected internal operations and the company’s website. As the team works diligently to restore systems, questions loom about the potential impact on customer data and the overall financial repercussions. With cybersecurity protocols in place, the company remains tight-lipped about the specifics of the attack. Discover how this incident reflects the growing threat of ransomware in today’s digital landscape.

Read More