Cyber incursions into US water utilities
America's water systems under attack: How cyber terrorism hits resource-constrained utilities
Cyber attacks on US water systems by Iran's Revolutionary Guard raise cyber security concerns. While there was no impact on water quality, the event is seen as a warning to organizations that rely on operational technologies. Federal authorities and the EPA are working to strengthen safety, especially for small utilities at risk due to limited resources. The EPA encourages simple, low-cost security measures, such as periodically changing passwords.
Cyberattacks on U.S. water systems have led industry officials to emphasize the need to implement basic precautions when setting up online-controlled systems, such as protecting network-accessible devices and changing default passwords. The recent wave of attacks, linked to Iran's Revolutionary Guard, have targeted water infrastructure and other installations using Unitronics Vision series programmable logic controllers, underscoring the vulnerability of especially local companies with limited resources.
Targeted attacks but without direct impact on the healthiness of the water
Although the attack affected only a small number of water systems, without compromising the safety of drinking water, federal officials see it as a wake-up call for all organizations that depend on the operational technology. Eric Goldstein, executive director for cybersecurity at CISA, during a press conference, highlighted how it is essential that these entities take measures such as removing front assets from the public network, eliminating default passwords and implementing security performance objectives already outlined by CISA.
Federal work in defense of critical infrastructures
For over a year, federal agencies like CISA have worked with small utilities and local businesses to strengthen their security from the risks of ransomware and other malicious state actors. The United States has approximately 150,000 public water systems and 16,000 publicly owned wastewater systems, and 97% of these serve fewer than 10,000 customers, making them particularly at risk due to limited budgets and shortages of security personnel.
Collaboration and building cyber resilience
Recent congressional hearings have focused on the growing danger of attacks on the energy, water and healthcare sectors. The EPA had to revoke a regulation requiring safety audits due to a legal challenge won by some states. Despite this, the EPA continues to provide additional tools and is hosting a webinar on the topic of Unitronics hacks. David Travers, director of the EPA's Infrastructure and Water Security Division, urges us not to see cybersecurity as something too expensive and complex, highlighting how measures such as periodically changing passwords can make a difference at no cost.
Follow us on WhatsApp for more pills like this12/05/2023 17:57
Editorial AI