720-891-1663

US Water, Other Utilities Under Attack

Unfortunately, other than the very large water and other utilities, most utilities do not have the money, manpower or desire to secure their networks. We continue to hear more stories of successful attacks.

In April a Russia-linked hacking group, the Cyber Army of Russia, claimed responsibility for an attack on a water and wastewater system in Indiana. The hackers posted a video of the breach of the Tipton Municipal Utilities. Indiana officials said that the plant was a victim of a cyberattack. The general manager of the utility said the attack was not successful. What do you believe – the video or the PR guy?

I guess you might say that the attack was not successful if the water supply was not compromised. That would not be my definition. The manager also said that the utility experienced “minimal disruption”, which says to me that the attack was successful. Credit: The Record

In January, hackers compromised the Muleshoe, Texas water system which caused a water storage tank to overflow. The city discovered the hack when someone called them to say that the tank was overflowing onto the ground below. It is an indication of how bad the problem is when the way they find out they were hacked is when a passerby called in to tell them that water was gushing out of the tank. Credit: NextGov

In late 2023, Iranian hackers breached a remote water station in Aliquippa, PA that controls water pressure for the town of 7,000. Once the utility figured out what was going on, they reverted to manual control of the system. Credit: Cyberscoop

In 2021 a hacker tried to poison a water treatment plant that serves part of the San Francisco Bay area. The hacker used the remote access password of a former employee. Once inside, the hacker deleted programs that the plant used to treat drinking water. Credit: NBC

The only good news here is that, at least for now, the hackers do not seem bent on killing people, just scaring them.

Last month the feds privately issued an alert about Pro-Russia hackers exploiting shoddy security practices at multiple US water plants. The report says that the attacks hit a wider swathe of victims that was previously documented.

The document helps explain the plea from US national security advisor Jake Sullivan in March telling water utilities to get the cybersecurity act together.

US officials say the utilities often had outdated equipment connected to the Internet, protected by weak passwords. That sounds safe to you, right?

US officials have been privately telling electric, water and other critical utilities to take equipment offline or risk being hacked.

“In each case, hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock out the [water and wastewater systems] operators,” says the draft advisory.

While, unfortunately, there is not a lot that you can proactively do to protect yourself, that does not solve the problem. Likely until there is a major incident, things will continue to putter along with utility managers hoping that their utility doesn’t make the news until they move on to their next job. Credit: CNN

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *