CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the National Security Agency have released a joint Cybersecurity Advisory that details ongoing cyber threats to U.S. Water and Wastewater Systems Sector.
Cybercriminals have targeted the Bay Area water supply. Similar to the Oldsmar water treatment attack in Florida, the threat actor used legitimate credentials to break into remote access tool TeamViewer. After logging in, they deleted programs that the plant used to treat drinking water.
Attacks on water systems can come in various forms, not only from pure physical threats. Having a strong and diligent workforce that emphasizes security and basic methods of cyber protection is imperative.
Bipartisan House lawmakers introduced a bill this week intended to protect critical infrastructure from cyberattacks following the latest unsuccessful attack on a Florida water treatment facility.
Hackers broke into a water treatment facility in Florida, gained access to an internal ICS platform and changed chemical levels, making the water unsafe to consume.
Agencies and authorities that provide water, wastewater and dam services don’t face the same regulatory hurdles as power utilities, but they’re also often smaller and have fewer resources, housed as they generally are within municipal governments or other smaller entities.
