US government warns water firms to secure infrastructure at risk online
Date:
Mon, 16 Dec 2024 14:47:00 +0000
Description:
CISA and EPA are urging critical infrastructure firms to tighten up on security as hackers remain on the prowl.
FULL STORY ======================================================================CISA
and EPA released a new warning late last week They are urging Water and Wastewater firms to better protect their endpoints HMIs are particularly vulnerable, they said
The US Cybersecurity and Infrastructure Security Agency (CISA), and the Environmental Protection Agency (EPA), has issued a warning to all water facilities in the country to secure their Human Machine Interfaces (HMI) and Water and Wastewater Systems (WWS) from potential cyberattacks.
Human-Machine Interfaces (HMIs) are systems or devices that enable
interaction between humans and machines, allowing users to control and
monitor the performance of machinery, systems, or devices. They include a
wide range of technologies, such as touchscreens, control panels, and voice commands.
The two agencies said failing to protect the endpoints properly could draw in unwanted attention from cybercriminals. Active attacks
In the absence of cybersecurity controls, unauthorized users can exploit exposed HMIs in Water and Wastewater Systems to: View the contents of the HMI (including the graphical user interface, distribution system maps, event
logs, and security settings) and make unauthorized changes and potentially disrupt the facilitys water and/or wastewater treatment process, the announcement warned.
To prove their point, the agencies reminded everyone that pro-Russian hacktivists already demonstrated their capability to find and exploit internet-exposed HMIs, causing water pumps and blower equipment to exceed their normal operating parameters.
In each case, the hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock out the water utility operators. These instances resulted in operational impacts at water systems and forced victims to revert to manual operations.
Although the announcement shares no names, we do know that American Water Works Company, the largest public water and wastewater utility company in the United States, suffered a cyberattack which forced it to shut down parts of its infrastructure in early October 2024.
Also, earlier in January 2024, a department in Veolia North America, a transnational company offering water, energy and waste recycling management services, suffered a ransomware attack which resulted in the theft of some personal data, and forced the company to take parts of its infrastructure offline, as well. You might also like American Water hit by cyberattack,
takes some systems offline Here's a list of the best antivirus offerings to keep your business protected These are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-government-warns-water-firms-to-secu re-infrastructure-at-risk-online
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)