Safeguarding Water and Wastewater Facilities: A Response to Recent Cyberattacks

The recent cyberattack by an Iranian-backed hacking group known as CyberAv3ngers on the Municipal Water Authority of Aliquippa in western Pennsylvania has highlighted the critical need for robust cybersecurity measures in the water and wastewater sector.

Current intelligence indicates that CyberAv3ngers is an active group with a track record of targeting Israeli water and energy infrastructure. As of October 30, 2023, the group has claimed to have compromised ten water treatment stations in Israel and is responsible for, at the very least, this compromise in Pennsylvania. This attack, which involved the exploitation of Unitronics programmable logic controllers (PLCs), serves as a stark reminder of the vulnerabilities that exist in our nation’s critical infrastructure, mainly as we see global cyberwarfare efforts on the rise.

In response to this incident, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued several recommendations, including changing default passwords, enforcing multi-factor authentication (MFA), disconnecting PLCs from the internet, backing up logic and configurations, and applying the latest updates. While these recommendations are essential, more is needed to protect critical infrastructure, including water and wastewater facilities, from the evolving threat landscape orchestrated by cyberwarfare criminals.

The Whole-of-State Approach to Cybersecurity

The attack on the Municipal Water Authority of Aliquippa has also underscored the importance of a whole-of-state approach to cybersecurity. This approach calls for collaboration between state, local, and tribal governments to share information and resources and develop coordinated cybersecurity strategies. It also calls for the development of greater visibility into the entire connected asset ecosystem to develop cybersecurity strategies that encompass the on-the-ground reality of each body.

Armis Centrix™, the cyber exposure management platform, is crucial in supporting a whole-of-state approach to cybersecurity by providing a centralized platform for sharing asset intelligence and threat information. Our AI-powered Asset Intelligence platform enables governments and providers to see, protect, and manage their worldwide assets in real-time. It offers agencies a holistic approach to cybersecurity that can effectively safeguard critical infrastructure, including water and wastewater facilities, from cyberattacks.

Dismissing Cyber Threats: The Illusion of Impenetrability

While most water and wastewater facilities are smaller than most Enterprises, their assets, data, and potential for disruption are what cybercriminals are after. Armis recognizes the need for continuous intelligence into all connected assets, including PLCs, industrial control systems (ICS), and Internet of Things (IoT) devices. Regardless of organization size, this intelligence enables security teams to identify and remediate vulnerabilities before they can be exploited. Critical infrastructure facilities across the United States can also benefit from:

• ICS-specific threat intelligence: Armis Centrix™ provides real-time threat intelligence tailored to the unique risks water and wastewater facilities face. This intelligence helps security teams prioritize their efforts and focus on the most critical threats.
• ICS segmentation: Armis Centrix™ can help segment ICS networks to isolate critical assets from less secure networks. This segmentation can help prevent cyberattacks from spreading and causing widespread damage.
• ICS compliance: Armis Centrix™ can help water and wastewater facilities comply with various ICS cybersecurity regulations, including NERC CIP-008, NIST Cybersecurity Framework, and ISA/IEC 62443.

Conclusion

The cyberattack on the Municipal Water Authority of Aliquippa is a wake-up call for water and wastewater facilities across the United States. While CISA guidance represents an essential first step in security, more must be done. Tools that enable flexible and adaptable responses are necessary to meet the challenges of evolving threats. By adopting a holistic approach to cybersecurity that includes asset intelligence, threat detection, and response and collaborating with other government entities, water and wastewater facilities can effectively protect themselves from cyberattacks and ensure the continued delivery of safe and reliable water services.