Posts

White House Expands Digital Regulations for U.S. Water Supply

/in , , /by /NBC Newsby Kevin Collier

The White House launched a new cybersecurity initiative for the U.S. water supply Thursday after a handful of worrisome hacks against the sector last year.

The new initiative is designed to create a system that shares information about cyberthreats with the water sector and industry-wide basic security practices, though water facilities will not be forced to adopt any new practices.

Bryson Bort, a cybersecurity consultant for industrial systems, said it was an important first step toward more secure water infrastructure.

Full Story

Protecting Water Utilities From Cyber Threats

/in , , /by /Water & Waste Digestby Janine Nielsen

Water utilities are just the latest industry to experience high-profile cyber incidents.

Earlier this year, a hacker breached a California water treatment plant and removed programs used to clean water. In another incident that made national headlines, a hacker gained remote access to a Florida treatment plant and increased the amount of lye in the treatment process – a change that a plant employee fortunately noticed and quickly corrected.

Going back to a time when water utilities were less connected is not an option. COVID-19 demanded connected operations so employees could work remotely.

Full Story

Ransomware Attacks on Drinking Water, Wastewater Utilities Are Increasing

/in , , /by /Water Onlineby Peter Chawaga

A slew of recent attacks makes it clear that critical infrastructure like drinking water and wastewater utilities are under increasing threats from cybercriminals and bad actors. And recent revelations from authorities are demonstrating that the problem may be even worse than previously known.

Full Story

Agencies Warn of Cyber Threats to Water, Wastewater Systems

/in , , /by /The Hillby Maggie Miller

A coalition of federal agencies on Thursday warned that hackers are targeting the water and wastewater treatment sectors, strongly recommending that organizations take steps to protect themselves.

In a joint advisory, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA) and the National Security Agency (NSA) warned of “ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities.”

“This activity — which includes attempts to compromise system integrity via unauthorized access — threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities,” the agencies wrote in the advisory.

Full Story

Colonial Hack Reveals Major Threats to Water Sector

/in , , /by /E&E Newsby Hannah Northey

When hackers penetrated a small water utility in North Carolina three years ago that debilitated its IT systems, operators there refused to “bow” to hackers and fork over ransom money to make the assault stop.

That 2018 cyberattack was part of what experts say is a fast-growing and evolving threat in the water sector and a glaring example of the type of attack — ransomware — that earlier this month shut down the East Coast’s largest fuel supplier, the Colonial pipeline.

Full Story

Critical Infrastructure Flaws Surface After Years of Underinvestment in Energy, Other Sectors, Analysts Say

/in , , /by /Utility Diveby David Jones

The risk to critical infrastructure is a long festering concern in the cybersecurity industry. Researchers, corporate security officers and government experts feared that energy producers, utilities and water systems lacked the manpower and investment in security.

The risk increased with the exposure of industrial control systems to the open internet and connected to IT systems through automation.

Full Story

Water Plant Cyberattack Is Wake Up Call, 20 Years in the Making

/in , , /by /Bloomberg Lawby Jake Holland and Bobby Magill

A cyberattack on a Florida water treatment plant underscores the need for strong security protections at the municipal level, attorneys and industry professionals say.

A hacker gained access to an Oldsmar, Fla. city computer on Feb. 5 and changed the level of sodium hydroxide, also known as lye, local authorities said. It isn’t yet known whether the breach originated from the U.S. or from outside the country. The Federal Bureau of Investigation is working with local authorities.

Full Story

Hack Exposes Vulnerability of Cash-Strapped US Water Plants

/in , /by /AP Newsby Frank Bajak, Alan Suderman and Tamara Lush

A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks by more sophisticated intruders. Treatment plants are typically cash-strapped, and lack the cybersecurity depth of the power grid and nuclear plants.

Full Story

Utilities on High Alert as Phishing Attempts, Cyber Probing Spike Related to Coronavirus

/in , , /by /Utility Diveby Robert Walton

Utilities have seen a rise in phishing attempts and scams related to the Coronavirus, officials from the Edison Electric Institute (EEI) told Utility Dive, adding that investor-owned utilities represented by the group are alert and prepared, with companies collaborating to mitigate the threat.

“Bad actors are already using COVID-19 and people’s desire for information as a phishing and malware distribution opportunity,” Jamil Jaffer, vice president for strategy and partnerships at IronNet Cybersecurity, told Utility Dive. The combination “creates softer targets across multiple sectors.”

Full Story

Phishing Campaign Continues to Target Utilities, Evolves Attack Techniques

/in , /by /Utility Diveby Robert Walton

Security firm Proofpoint on Monday revealed that what appears to be a state-sponsored hacking campaign targeting the U.S. utility sector with malware dubbed “Lookback” has continued and grown more sophisticated since it was first revealed this summer.

Proofpoint now says it has identified 17 utilities targeted from April 5 through Aug. 29, employing previously unknown techniques and with later phishing attempts using updated macros to obscure their purpose. The firm’s previous report said it had identified three targeted utilities.

Full Story