By Peter Chawaga
A slew of recent attacks makes it clear that critical infrastructure like drinking water and wastewater utilities are under increasing threats from cybercriminals and bad actors. And recent revelations from authorities are demonstrating that the problem may be even worse than previously known.
“U.S. authorities said … that four ransomware attacks had penetrated water and wastewater facilities in the past year, and they wanted similar plants to check for signs of intrusions and take other precautions,” Reuters reported, citing an alert from the Cybersecurity and Infrastructure Security Agency (CISA). “CISA said that it was seeing increasing attacks on many forms of critical infrastructure, in line with those on the water plants.”
Recent hacking attacks have gotten dangerously close to poisoning drinking water in Florida, the Bay Area, and Baltimore. Most recently, hackers mounted attacks against wastewater facilities in Maine and California as well.
“Attacks at an unnamed Maine wastewater facility three months ago and one in California in August moved past desktop computers and paralyzed the specialized supervisory control and data acquisition (SCADA) devices that issue mechanical commands to the equipment,” per Reuters. “The Maine system had to turn to manual controls, according to the alert co-signed by the FBI, National Security Agency and Environmental Protection Agency.”
The increase in cyberattacks against these most critical facilities has prompted federal action, including vows from President Biden to better protect water systems. But ultimately, it may be up to drinking water and wastewater treatment utilities themselves to take additional measures to stave off such attacks.
“Water treatment plants tend to invest in physical infrastructure rather than IT resources, and tend to use outdated versions of software, both of which leave them susceptible to attack,” Wired reported, referencing the recent CISA alert. “The joint FBI/CISA/NSA/EPA memo gives new detail into how many confirmed attacks have taken place in recent months, and it offers some guidance for critical infrastructure operators on how not to be the next victim.”
To read more about how critical infrastructure like drinking water and wastewater utilities can protect against cyberattack, visit Water Online’s Resiliency Solutions Center.