Oct 18– Four federal agencies warn that the US water infrastructure is at risk of a cyber attack. An advisory was released last week concerning malicious cyber activities by both “known and unknown” threat actors. Attacks could potentially occur on both information technology (IT) and operational technology (OT) systems.
According to the advisory released, five water facility-related intrusions occurred between 2019 and 2021. Water system attacks primarily involve access credential compromise and insider threats. Attackers may look to exploit unsupported operating systems or software, they may also exploit control system devices with vulnerable firmware versions, or they may launch targeted phishing campaigns to deliver malicious payloads or ransomware.
Federal agencies advise facilities to begin risk-informed analyses to determine applicable technical and non-technical mitigations. In addition, experts recommend:
- Fostering a culture of cyber prepairdness
- Implementing zero-trust principles and technologies
- Regularly patching and updating software
- Creating regular data backups
For more on this story read FBI, NSA, CISA and EPA warn of drinking water system compromise. To get cutting-edge insights, analysis and resources in your inbox each week, sign up for the Cyber Talk newsletter.