📌CISA’s Mayday Call: CISA, along with other federal agencies and counterparts in Canada and the UK, issued a five-page warning on May 1, 2024, to water treatment operators in North America and Europe. Apparently, they needed to be told (again) that their systems are under attack… and again Russia is to blame
📌Rudimentary Attack Techniques: These hacktivists aren’t even using sophisticated methods. They’re exploiting outdated remote access software to mess with human-machine interfaces (HMIs) and industrial control systems (ICSs). So, basically, they’re taking advantage of the fact that some facilities are stuck in the digital Stone Age.
📌Impact of Attacks: The attacks have caused «nuisance-level» impacts, such as tank overflows, which were fixed by reverting to manual controls. There has been no impact on drinking water so far, but the potential for physical threats exists but no worries, Cola is coming to save lives
Cybersecurity on a Budget: CISA’s advice for water facility operators is to:
📌Change all default passwords (because apparently, that’s still a thing).
📌Disconnect HMIs and PLCs from the public internet (who knew that was a bad idea?).
📌Implement multi-factor authentication (because now we need faceID to protect water).
📌Budget Constraints: Yes, budgets are tight, but that’s no excuse to do nothing. Basic cybersecurity practices like cyber awareness training, maintaining an accurate asset inventory, continuous threat monitoring, and vulnerability assessments can be done without breaking the bank. Even Google started in a garage
📌Hacktivist Magnet: Water and wastewater systems are prime targets because they have tight budgets, lax cybersecurity practices, and almost guaranteed publicity for even minor attacks. It’s like a 80s hacker’s dream come true.
📌Vendor Support: Nozomi Networks is here to save the day, offering solutions to help water and wastewater utilities do more with less. Because, of course, they understand OT/ICS cybersecurity better than anyone else.