17837_Authority_Oct

58 The Authority | October 2024 vulnerabilities in Virtual Network Computing (VNC) technology and changed setpoints that regulate water tank pressure. This group has since claimed responsibility on its Telegram channel for subsequent attacks across the United States, Poland, and France. Not to be overlooked in the criminal element: ransomware attacks against industrial organizations, including water and wastewater, continue to rise – up 50% in 2023 compared to 2022. 3 In June 2024 the Office of the Director of National Intelligence released a report detailing reported cyber attacks on US Industrial Control systems between November 23, 2023 and April 22, 2024. 4 They detailed 12 cyber attacks against water and wastewater systems in 11 different states during that five month period: eight by the Cyber Av3ngers, and four by a “Pro-Russia Hacktivist”. Why is the water sector being targeted? Perhaps because it presents an easy target – water utilities and wastewater treatment facilities are often small and under-resourced in terms of budget as well as cyber security expertise. And water is necessary for our existence, so disruption to the water sector results in emotional panic and immediate media attention. The threat to the water sector is likely to increase, not decrease, in the coming months and years. The threat is clear, and the good news is that there are free resources available to help! Free Resources for the Water Sector Community water and wastewater systems provide a critical service for public health, life safety, and industry. As a foundational element of society, water systems must be vigilantly defended from cyber adversaries. Whether it is geographically dispersed distribution or collections systems, large treatment facilities, fire protection support, or pumping operations, disruption of system operations can have significant impacts on the communities and industries they serve. To support the Dragos mission to safeguard civilization, Dragos offers two free programs that are both available to the water / wastewater sector: the Community Defense Program (CDP) and the Operational Technology – Cyber Emergency Readiness Team (OT-CERT). Community Defense Program The Dragos Community Defense Program gives US-based water, electric, and natural gas utilities with under $100M in annual revenue FREE access to Dragos products and services. The Community Defense Program includes: • Dragos Platform: gives participants the technology for visibility and monitoring in the industrial environment, including threat detection, vulnerability management, and threat hunting by Dragos experts. • Neighborhood Keeper: provides participants with a force multiplier - anonymized data from across all participating Dragos customers, including CDP participants, is aggregated and used for collective defense and community threat visibility. Protecting article continued from page 9. 3 Dragos 2023 Year in Review, https://www.dragos.com/ot-cybersecurity-year-in-review/ 4 https://www.dni.gov/files/CTIIC/documents/products/Recent_Cyber_Attacks_on_US_Infrastructure_Underscore_Vulnerability_of_Critical_US_Sys- tems-June2024.pdf