CISA warned of cyber threats to the water and wastewater sector in an incident response guide published Thursday.
An incident response guide published by the U.S. cybersecurity agency in collaboration with the FBI and the Environmental Protection Agency provides cybersecurity best practices for water and wastewater sector (WWS) utilities and outlines how they can expect to work with the federal government. More than 25 organizations contributed to the report, including industrial security vendor Dragos, the American Water Works Association, the Trinity River Authority of Texas, Google, and more.
“Malicious cyber attackers have a variety of objectives and capabilities that can lead to widespread threat activity. Many U.S. critical infrastructure sectors, including energy, healthcare, and public health, are exposed to WWS. The sector has become a target for attacks because of its dependence on cyber threat actors,” CISA said in the guide. “When targeting U.S. WWS critical infrastructure, malicious cyber attackers are working with overarching goals that may be financially and/or politically motivated. In recent years, a variety of malicious cyber incidents have affected WWS, including but not limited to unauthorized access, ransomware.”
CISA’s incident response guide includes multiple sections. For preparedness specifically, the cybersecurity agency encouraged efforts to share information, develop incident response plans, improve basic organizational security hygiene, and build WWS “cyber communities.” Examples of baseline security hardening include segmenting IT and operational technology systems, maintaining consistent and adequate logging, and maintaining system backups.
CISA and the FBI have a section dedicated to the assistance they can provide to WWS utilities during an incident. CISA said it can provide customized guidance, technical support, forensics and malware analysis. The FBI, on the other hand, can deploy special agents or a “Cyber Action Team” (CAT).
“The Rapid Response CAT is comprised of special agents and computer scientists who specialize in cyber incident response. CAT provides investigative support and answers to critical questions that can move cases forward quickly,” the guide says. “With advanced training in computer intrusions, forensic investigations, and malware analysis, CAT can deploy nationwide within hours to respond to major incidents. We will be onsite within 24 to 48 hours in the United States (CONUS) and 48 hours outside the continental United States (OCONUS).”
This publication follows multiple attacks against WWS utility operators in recent months. For example, last month CISA detailed a campaign carried out by threat actors associated with the Iranian government. The attackers, using the persona “CyberAv3ngers,” exploited vulnerabilities in Unitronics Vision Series programmable logic controllers to target systems belonging to utilities in multiple U.S. states. Compromised systems were defaced with the message: “You have been hacked. You are down with Israel. All ‘Made in Israel’ equipment is a legitimate target of CyberAv3ngers.” Unitronics is an Israeli company.
Threat intelligence vendor GreyNoise published a white paper, “Decoding 2023: A GreyNoise Retrospective on Internet Exploitation,” on Wednesday that covers software vulnerability trends over the past 12 months. In a section dedicated to nation-state activities, the vendor called attention to this campaign and said it continues to monitor investigations and exploitation attempts.
Bob Rudis, vice president of data science at GreyNoise, told TechTarget Editorial that while attacks on WWS utilities are a notable risk, they are not yet a major threat. He added that vendors are in the process of enhancing their telemetry to better track these types of attacks.
“I think this is something that people should be aware of. For municipalities that are trying to raise money, there’s not a lot of funding in the cyber space to do proper protection. So we just wanted to do that [mention it]. We have included it in the report to raise awareness,” he said.
TechTarget Editorial has contacted CISA for additional comment.
Alexander Culafi is a Boston-based information security news writer, journalist, and podcaster.