Water Treatment Facilities Urged to Secure Systems From Cyberattacks
Four government agencies have urged water and wastewater treatment facilities to protect their systems against potential cyber threats.
The FBI, Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency and National Security Agency issued a joint advisory on Thursday warning water treatment infrastructure operators about ongoing malicious cyber activities that target information and operational technology networks, systems and devices. Some of the key threats to the sector are phishing emails and hackers’ efforts to exploit outdated systems, The Hill reported Thursday.
According to the advisory, compromises in treatment facilities could lead to problems in delivering potable water or issues with managing wastewater. One such event took place in the town of Oldsmar, Florida, in February. A report from Security Today revealed that the Oldsmar water facility hack lasted for a short moment, but within the timespan of the attack, the attacker was able to increase the sodium hydroxide levels to dangerous levels. An employee working at the site spotted the anomaly after over five hours.
Other water treatment entities in the states of Maine, Nevada and California also reported ransomware attacks.
The organizations recommended that infrastructure operators use risk-informed analysis to find the best mitigation techniques and technologies to spot and stop threats.
The agencies also noted that while there are no increased targeting activities to water and wastewater facilities, there is a growing cyber threat activity across the critical infrastructure sector.
Eric Goldstein, the executive assistant director for cybersecurity at CISA, said the recent spike in ransomware attacks should prompt water treatment and other critical infrastructure operators to focus on cybersecurity. He also pointed out that cyber threat defense should start long before an attack occurs, and organizations must work together to protect the nation’s network.
Tags: cybersecurity Cybersecurity and Infrastructure Security Agency Environmental Protection Agency Eric Goldstein FBI malicious activity National Security Agency The Hill wastewater treatment systems water systems