1. Forum
  2. FidoNet
  3. POLITICS

  • US government warns water

    From Mike Powell@1:2320/105 to All on Tue Dec 17 09:32:00 2024
    US government warns water firms to secure infrastructure at risk online

    Date:
    Mon, 16 Dec 2024 14:47:00 +0000

    Description:
    CISA and EPA are urging critical infrastructure firms to tighten up on
    security as hackers remain on the prowl.

    FULL STORY

    The US Cybersecurity and Infrastructure Security Agency (CISA), and the Environmental Protection Agency (EPA), has issued a warning to all water facilities in the country to secure their Human Machine Interfaces (HMI) and Water and Wastewater Systems (WWS) from potential cyberattacks.

    Human-Machine Interfaces (HMIs) are systems or devices that enable
    interaction between humans and machines, allowing users to control and
    monitor the performance of machinery, systems, or devices. They include a
    wide range of technologies, such as touchscreens, control panels, and voice commands.

    The two agencies said failing to protect the endpoints properly could draw in unwanted attention from cybercriminals.

    Active attacks

    In the absence of cybersecurity controls, unauthorized users can exploit exposed HMIs in Water and Wastewater Systems to: View the contents of the HMI (including the graphical user interface, distribution system maps, event
    logs, and security settings) and make unauthorized changes and potentially disrupt the facilitys water and/or wastewater treatment process, the announcement warned.

    To prove their point, the agencies reminded everyone that pro-Russian hacktivists already demonstrated their capability to find and exploit internet-exposed HMIs, causing water pumps and blower equipment to exceed
    their normal operating parameters.

    In each case, the hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock out the water utility operators. These instances resulted in operational impacts
    at water systems and forced victims to revert to manual operations.

    Although the announcement shares no names, we do know that American Water
    Works Company, the largest public water and wastewater utility company in the United States, suffered a cyberattack which forced it to shut down parts of
    its infrastructure in early October 2024.

    Also, earlier in January 2024, a department in Veolia North America, a transnational company offering water, energy and waste recycling management services, suffered a ransomware attack which resulted in the theft of some personal data, and forced the company to take parts of its infrastructure offline, as well.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-warns-water-firms-to-secu re-infrastructure-at-risk-online

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)