'Very alarming': Aliquippa's hacked water authority exposes the threat to operational technologyIndustrial control systems could be vulnerable t...

Published on December 4, 2023 02:19 by Water Network Research, Official research team of The Water Network

'Very alarming': Aliquippa's hacked water authority exposes the threat to operational technology
Industrial control systems could be vulnerable to cyber threats, the nation's top cyberdefense agency warned last week, days after a water treatment facility outside Pittsburgh was allegedly hacked by a pro-Iran cyber group.

Workers at the Municipal Water Authority of Aliquippa switched immediately to manual operations following the Saturday attack by Cyber Av3ngers, a group that has claimed responsibility for attacks on water systems in Israel.

The attack demonstrated how utility companies are more vulnerable to operational technology attacks, which may occur on dated systems that that are not routinely monitored, two Pittsburgh cybersecurity firms said. Operational technology software typically helps automate an industrial process.

"Take a Fortune 500, or any type of large manufacturer or utility — instead of breaking in through their firewalls and trying to get to their data, [hackers have] the ability to try to go in and interfere with their systems," said David Kane, CEO of Pittsburgh-based Ethical Intruder.

"I think you're gonna see a big rise in that because there's just so few protections on it."

Mr. Kane said it was "very alarming" to see an attack on the operational technology side. A related physical threat could have changed the filtration or stopped water flow altogether, he said, if the actors had a more specific target in mind. In this case, he said, it appeared the hackers were not "overly sophisticated" and targeted systems based on their manufacturer.

Cyber Av3ngers appeared to target the Aliquippa device, which was potentially using a weak default password, because it was made by Israel-based Unitronics. Water quality and supply to the nearby municipalities of Raccoon and Potter townships were not affected, local officials said, though one of its water pump stations was still operating manually by Tuesday.
https://www.post-gazette.com/business/tech-news/2023/12/02/aliquippa-water-authority-hack-technology-iran/stories/202312020019

Media

Taxonomy

Drinking Water Security
Water Security
Security
urban water security
Security