17837_Authority_Oct

municipalauthorities.org | 9 W ater utilities play a critical role in supporting life and economic activities, yet they face increasing threats from cyber adversaries. 1 Industrial control systems (ICS) and operational technology (OT) have become prime targets for cyber threat activity. Dragos, the world’s leading industrial cybersecurity company headquartered in Maryland, tracks numerous distinct threat groups and monitors their impact on various industries and regions. Among these sectors, water and wastewater systems are among the most vulnerable to a range of cyber attacks, which can disrupt operations and pose safety risks to their fundamental functions. The mission of Dragos is to safeguard civilization from those trying to disrupt the industrial infrastructure we depend on every day. This mission drives us to help to enable organizations that provide critical services to defend their systems from potentially destructive industrial cyber attacks. Dragos offers two free programs that are both available to the water / wastewater sector: the Community Defense Program and OT-CERT (Operational Technology – Cyber Emergency Readiness Team). Both programs are explained in detail in the second part of this article, but first it is important to understand why it is critical that water and wastewater organizations take advantage of both programs as soon as possible. The cyber threat environment in industrial networks has escalated over the past two years. The geopolitical climate has sparked increased cyber threat activity by state actors, hacktivists, and alliances between the two. In addition, ransomware attacks continue to rise exponentially against industrial organizations. The Ukraine-Russia and Israel-Hamas wars led to ongoing targeted operations against critical infrastructure in Ukraine and Russia and hacktivists have caused panic and negatively impacted the public’s perception of the resilience of critical services globally. Mounting tension between China and Taiwan engendered compromises in US utilities focused on exfiltration of sensitive information and data that are pivotal to critical operations of the utilities. The water / wastewater sector has been specifically targeted in 2023 and 2024. In November 2023, the pro-Hamas CyberAv3ngers hacktivist group, which the US government has linked to the Islamic Revolutionary Guard Corps – a branch of the Iranian Armed Forces – successfully compromised Programmable Logic Controllers (PLCs) at water utilities across North America, Europe, and Australia. The first utility attacked was in Pennsylvania. These incidents represent the first successful cyber attacks on water systems by hacktivists, leading to material impacts in at least one community with the disruption of water services spanning two days. The attacks targeted “low hanging fruit” – PLCs made by Unitronics – an Israeli company – exposed to the Internet with default passwords. In January 2024, CyberArmyofRussia_Reborn posted a video showing the manipulation of water tanks in later-confirmed attacks on two water authorities in Texas. 2 They accessed the human-machine interface (HMI) systems via known P rotecting O ur C ommunities : F ree C ybersecurity R esources for S afeguarding W ater and W astewater S ystems By Dawn Cappelli, Dragos 1 The Rising Tide of Water Utility Cyber Threats: How Dragos Shields Water Systems, https://www.dragos.com/blog/water-utility-cyber-threats/ 2 Targeting Operational Technology: The Hacktivist’s Path to Public Attention and Disruption, https://www.dragos.com/blog/hacktivist-tactics-target- ing-operational-technology/ Continued on page 58.