Are There Holes in Our Water Treatment Plant Security?

Who’s watching our water treatment plants while foreign hackers infiltrate them? It appears those in charge have not been doing a good job of protecting our water supply. 

Recently federal officials released an advisory. It came from the U.S. National Security Agency and Department of Energy. Some media outlets got their hands on the document.

It revealed that pro-Russian hackers have breached some U.S. water plants. The advisory was critical of security practices at those plants. And it exposed the fact that cyberattacks have occurred more often than we thought.

So far, the attacks have not compromised water quality. But they have done enough damage to cause concern. And proven they can do more…

Internet Allows Hackers Access

The advisory stated this. “In each case, hacktivists maxed out set points. (And) altered other settings. (And) turned off alarm mechanisms. And changed administrative passwords to lock out the (water and wastewater systems) operators.”

Operators cut off public Internet access to their industrial computers. After discovering the breaches. And restored normal operations.

Recently U.S. officials have communicated messages to some facilities operators. Including electric utilities, water facilities, and other critical infrastructure firms.

They’ve told them to take industrial equipment off the Internet. To limit hackers’ ability to infiltrate.

Russia Linked to Breaches

The FBI and the Cybersecurity and Infrastructure Security Agency got involved. They’ve responded to facilities that “experienced limited physical disruptions” from hackers.

Among the targets of the hackers were a north Texas facility. That’s where a water tank overflowed. Another victim was an undisclosed facility in the food and agriculture sector.

Who are these hackers? A group of Russian-speaking hackers claimed responsibility for the breaches. They took “credit” for a cyberattack on a recent wastewater treatment plant in Indiana. They also claimed to target a French dam and a Polish water facility.

A cybersecurity firm found links between two entities. The online infrastructure used by the hackers to publicize their attack. And a unit in the Russian GRU military intelligence agency. But it is impossible to connect the hackers with the Russian government.

We’re Making It Too Easy

The biggest concern is protecting water quality. But there is also the threat of water plants losing water.

Another disturbing concern is this. The hackers are accomplishing their goals through simple attack techniques.

The advisory showed that these facilities are vulnerable. Because they use outdated equipment connected to the Internet. And they’re “protected” by weak passwords.

In other words, these facilities are making it easy for hackers. They can breach networks that handle water treatment. And other industrial operations.

Iranians Blamed for Some Attacks

The U.S. accuses Russia of harboring hackers who target American infrastructure. A charge Russia has denied.

Russian-speaking hackers are not the only ones targeting U.S. water facilities. Some American water facilities use Israeli-made industrial equipment.

Last November, hackers breached that equipment. They displayed anti-Israel slogans on computer screens. The U.S. has blamed the Iranian government for that breach.

As with many other needed infrastructure improvements, it all comes down to money. Consumers fund those community water systems. Not the federal government. Most citizens don’t want their rates to rise for any reason.

Robert Bible is the general manager of a water utility in the Pittsburgh area. Hackers breached it late last year. He warns that, “It may cost much more (than rate hikes) as far as money plus public confidence if an attack occurs.”

Governors Told to Look for Vulnerabilities

China is another suspected foreign actor in this problem. They conduct hacking operations against U.S. infrastructure. Including water facilities.

Earlier this year, the White House sent letters to every state governor. The letter cited cyberattack threats against American water facilities. From the Chinese and Iranian governments.

This communication added that such attacks could disrupt access to clean drinking water. And “impose significant costs on affected communities.”

Organizing a response, the EPA formed a Water Sector Cybersecurity Task Force. It is identifying vulnerabilities and building on recommendations.

Water Systems Are an ‘Attractive Target’

National Security Advisor Jake Sullivan signed the letter. As did EPA Administrator Michael Regan. It states the following.

“Drinking water and wastewater systems are an attractive target for cyberattacks. Because they are a lifeline-critical infrastructure sector. But (they) often lack the resources. And (the) technical capacity to adopt rigorous cybersecurity practices.”

The letter asked this of U.S. governors. Ensure that your water systems undergo examinations for vulnerabilities. 

The letter also says basic cybersecurity precautions can defend against a cyberattack. Such as resetting default passwords. And updating software to address vulnerabilities.

Turn Information Into a Solution

Some of our customers recently raised a concern about the issue of water quality. This occurred at a meeting at 4Patriots headquarters in Nashville, Tennessee.

That’s one of the reasons we chose this topic for today. We care about our customer’s needs. And we listen to what they say.

But this is not only about informing you of threats to our water supply. It’s also about offering a reliable and affordable solution.

Learn how you can protect the life-giving water you use for drinking, cooking, and cleaning.  

Comments

  • Brian - June 19, 2024

    Why the hell do these infrastructures need to be hooked up to the internet in the first place or even need computers to operate? How were they operated years ago without this technology? How come it takes a breach of security to make those in charge to wake the f**k up and secure a vital system that preventative actions should have been implemented in the first place? Remove those managers and replace them with computer nerds who actually know how to run things properly. Guess those clowns in charge and the useless eunuchs and skirts in DC don’t get it that Americas enemies will do anything to damage our necessary infrastructure.

  • Ken Kingman - June 19, 2024

    It is disconcerting to say the least that our government sends Billions of dollars to foreign nations while leaving our vital electrical, water, and roadway infrastructure decrepit and vulnerable. We must, by necessity, take matters into our own hands and prepare for the worst possible (probable?) disasters. Government will be incapable of coming to the rescue; do not wait to begin preparing!

Leave a comment

*Required Fields