The city of Wichita, Kansas, recently went through what has become a very common experience: its water system was hacked. The cyberattack targeted water metering, billing and payment processing, one of a series of attacks that have hit water utilities across the United States in recent years.
In attacking America’s water resources, the hackers didn’t do anything special. Despite growing concerns about the use of artificial intelligence in cyber threats, criminals’ preferred method of entering systems continues to be exploiting human vulnerabilities, whether through phishing, social engineering or systems that still operate with default passwords: “old school” cyberattacks.
A rising wave of cybercrimes targeting critical infrastructure has led the Environmental Protection Agency to issue an enforcement alert, warning that 70 percent of the water systems it inspects do not fully comply with the requirements of the Safe Drinking Water Act. Without quantifying exact numbers, the EPA says some have “shocking” cybersecurity lapses: default passwords that have not been updated, vulnerable single sign-on settings, and former employees retaining access to the system.
While the approach may be simple, Witt said attacks last year by an Iran-backed militant group on 12 water companies in the United States reinforced the purpose of the “attacker mentality.” The targeted utilities all contained Israeli-made equipment.
The FBI, NSA, and CISA all expressed concern
In February, the FBI warned Congress that Chinese hackers had penetrated U.S. cyber infrastructure and were seeking to cause damage, targeting water treatment plants, power grids, transportation systems and other critical infrastructure. In January, a water filtration plant in Muleshoe, a Texas town near a U.S. Air Force base, suffered a hacker attack linked to Russia that caused water tanks to overflow. “Water is one of the least mature areas when it comes to security,” Adam Isles, head of the Chertoff Group’s cybersecurity practice, recently told CNBC.
The psychological impact on the population is also a strategic target, not only in attacks on water assets, but also in the Colonial Pipeline hack that made national headlines in 2021 and led to, in the words of the federal Cybersecurity and Infrastructure Security Agency, “cars winding their way at gas stations across the East Coast and panicked Americans filling bags with fuel, fearing they wouldn’t be able to get to work or take their children to school.”
Attacks on U.S. water utility IT systems can have a similar psychological impact, eroding public trust in the water supply even if the attack does not directly disrupt the utility’s operations. Stuart Madnick, professor of engineering systems at MIT and co-founder of cybersecurity at the MIT Sloan School of Management, said no hackers have cut off people’s water supplies so far, but that this is a bigger worry.
Interfering with the water supply by attacking IT (such as Wichita’s system) is trivial compared to successfully attacking the OT (operational technology) that controls the water plant. That’s a huge risk, Madnick said, and the threat of this happening is not zero.
“We have demonstrated in the laboratory how to shut down operational facilities such as water plants, not just for hours or days, but for weeks. It is absolutely technically possible,” he said.
EPA Administrator Michael Regan and National Security Adviser Jake Sullivan recently sent a letter to governors detailing the urgency of the threat. But Madnick is cautious about the government’s ability to act quickly or forcefully enough to prevent that from happening. Budgets, outdated infrastructure, and a reluctance to address problems that seem both critical and daunting suggest that solutions may indeed not come soon enough. “This has not happened yet and until it does, no serious action will be taken to prevent it ‘could’ happen,” he said.
Outdated water technology
Like any modern system, water utilities rely on technology for monitoring, operations and customer communication. This technology creates vulnerabilities for both providers and users, creating an urgent need for enhanced security measures. “Community risks from cyberattacks include attackers taking control of the operation of systems to disrupt infrastructure, disrupt water availability or flow, or alter chemical levels, which could result in the discharge of untreated wastewater into waterways or contamination of the drinking water provided to the community,” an EPA spokesman said.
Witt said some initial steps are needed to improve the cyber hygiene of outdated systems. He said “increased password strength, reduced exposure to public networks and the need for cybersecurity awareness training” would go a long way in strengthening defenses. Another potential solution is to deploy so-called air-gapped systems, which separate supervision and control systems from other networks. Since the easiest way to get into these systems is to obtain credentials and then exploit the system, “system administrators should not be able to access office systems such as email and operate the water system’s control panel from the same laptop,” Witt said.
According to the EPA, in most cases, attacks that have occurred were preventable. “Systems fell victim to damaging and costly cyberattacks because they failed to adopt basic cyber resiliency practices,” an EPA spokesperson said. “All drinking water and wastewater systems are at risk, regardless of size, urban or rural,” he said.
While artificial intelligence has not been a required tool in these water utility attacks so far, it is working alongside joint cyber efforts by geopolitical adversaries. “Rapid advances in artificial intelligence are providing cyber threat actors with more sophisticated strategies, techniques and procedures to penetrate the operational technologies that control critical infrastructure,” an EPA spokesperson said. “These attacks are related to various types of malicious actors. Related actors, including hackers acting on behalf of or supporting other nations, may exploit the disruption of U.S. critical infrastructure to gain strategic advantage.”