The US government has warned its allies that state-sponsored hackers from Iran and China are increasingly targeting critical infrastructure, with the most notable attacks hitting water systems.
The Cybersecurity and Infrastructure Security Agency (CISA) investigated a number of Iranian attacks targeting Unitronics programmable logic controllers (PLCs) used in water utilities.
China is also focused on inspecting critical U.S. infrastructure, which officials say could be an exercise in a broader strategy in the event of a U.S.-China war.
Targeting the weakest link in the chain
An open letter issued by Environmental Protection Agency (EPA) Administrator Michael Regan and National Security Adviser Jake Sullivan states that “neutralizing cyberattacks could harm water and wastewater systems across the United States. These attacks can disrupt the critical lifeline of clean, safe drinking water and impose significant costs on affected communities.”
The attack, carried out by an Iranian-backed group, did not affect the water supply of the targeted facilities, but the breach of the PLCs used to control water supplies could have led to further attacks. Had it progressed, the attackers could have contaminated the water, caused damage, or even shut down the facility itself and cut off the city's water supply.
Volt Typhoon is the most likely culprit in Chinese attacks on power grids, port infrastructure, and water facilities, along with at least one oil and gas pipeline. The letter continues, “Federal departments have high confidence that Volt Typhoon attackers are prepositioned to disrupt critical infrastructure operations in the event of geopolitical tensions or military conflict.”
U.S. water utilities have long been popular targets for cyberattacks due to severe underfunding, low staffing levels, and a general lack of cybersecurity. The Biden administration recently announced that the burden of cybersecurity responsibility should shift to private companies, which are best positioned to reduce risk for small businesses and public institutions.
“In many cases, even basic cybersecurity precautions, such as resetting default passwords or updating software to address known vulnerabilities, are not taken, and this may mean the difference between business-as-usual and a devastating cyber attack,” the letter states.
Via Bloomberg