White House Expands Digital Regulations for U.S. Water Supply

The White House launched a new cybersecurity initiative for the U.S. water supply Thursday after a handful of worrisome hacks against the sector last year.

The new initiative is designed to create a system that shares information about cyberthreats with the water sector and industry-wide basic security practices, though water facilities will not be forced to adopt any new practices.

Bryson Bort, a cybersecurity consultant for industrial systems, said it was an important first step toward more secure water infrastructure.

Protecting Water Utilities From Cyber Threats

Water utilities are just the latest industry to experience high-profile cyber incidents.

Earlier this year, a hacker breached a California water treatment plant and removed programs used to clean water. In another incident that made national headlines, a hacker gained remote access to a Florida treatment plant and increased the amount of lye in the treatment process – a change that a plant employee fortunately noticed and quickly corrected.

Going back to a time when water utilities were less connected is not an option. COVID-19 demanded connected operations so employees could work remotely.

Hackers Try to Contaminate Florida Town’s Water Supply Through Computer Breach

Hackers broke into the computer system of a facility that treats water for about 15,000 people near Tampa, Florida and sought to add a dangerous level of additive to the water supply, the Pinellas County Sheriff said on Monday.

Biden Is Eyeing Renewable Energy. So Are Hackers

President-elect Joe Biden’s rush to renewable energy may open up a host of cybersecurity dangers if more isn’t done to secure the technology from hackers.

Fast-evolving solar and wind technologies pose new risks to power grid security, especially as smaller renewable energy companies often lack resources to fight against hackers, experts warn. And a recently discovered hacking campaign targeting federal agencies and potentially hundreds of energy companies only underscores the scale of the challenge.

Phishing Campaign Continues to Target Utilities, Evolves Attack Techniques

Security firm Proofpoint on Monday revealed that what appears to be a state-sponsored hacking campaign targeting the U.S. utility sector with malware dubbed “Lookback” has continued and grown more sophisticated since it was first revealed this summer.

Proofpoint now says it has identified 17 utilities targeted from April 5 through Aug. 29, employing previously unknown techniques and with later phishing attempts using updated macros to obscure their purpose. The firm’s previous report said it had identified three targeted utilities.

Foreign Hackers Impersonated Professional Licensing Board In Attack On Utilities

Security firm Proofpoint on Thursday said it uncovered an “advanced phishing campaign” that specifically targeted U.S. utility companies by impersonating an engineering licensing board. The firm said emails sent between July 19 and July 25 went to three utilities, which it declined to name. Messages purporting to be from the U.S. National Council of Examiners for Engineering and Surveying contained a malicious attachment that utilized macros to install and run malware named “LookBack.” The attempts highlight the “continuing global risk from nation-state actors,” according to Proopoint. In June, the United States’ chief energy regulator warned the electric grid is “increasingly under attack by foreign adversaries.”