In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded to an active cyberattack on a water facility in western Pennsylvania, shedding light on the exploitation of Unitronics programmable logic controllers (PLCs) within the Water and Wastewater Systems (WWS) sector.
The targeted facility, identified as the Municipal Water Authority of Aliquippa, fell victim to a cyberattack where threat actors successfully exploited Unitronics PLCs. Specifically, a Unitronics Vision Series PLC with a Human Machine Interface (HMI) was compromised, allowing unauthorized access to a remote booster station serving Raccoon and Potter Townships, according to a statement from the Water ISAC.
Fortunately, the water authority promptly responded by taking the affected system offline and transitioning to manual operations. CISA reassures the public that there is currently no known risk to the municipality's drinking water or water supply.
The utility's general manager, Robert J. Bible, spoke with CNN and discussed the incident:
"It's a pain. Somebody's got to wake up at 3 in the morning and go turn on or turn off those pump stations. It's just a big inconvenience until we can get the (automated) system back up and running."
After the hackers breached the facility, a message was displayed on a monitor that Israeli-made equipment was fair game, which is what the facility used. Bible touched on the fact that their small town water treatment facility was caught in the cyber crossfire of the ongoing war in the Middle East:
"That was maybe the furthest thing from my mind. Especially for a community. We only serve 15,000 people. You wouldn't put two and two together."
The attack has been linked to CyberAv3ngers, an Iranian-backed group known for its focus on targeting Israeli water and energy sites. Recent activities reported by the group include claiming responsibility for infiltrating water treatment stations in Israel, showcasing a history of targeting critical infrastructure.
In response to this incident, CISA has issued a set of urgent recommendations for organizations in the Water and Wastewater Systems (WWS) sector to enhance their cybersecurity posture and protect against potential threats. These recommendations include:
As cybersecurity threats to critical infrastructure continue to evolve, it is crucial for organizations to proactively adopt and implement robust security measures.
The recent incident highlights the importance of securing PLCs in the WWS sector and serves as a reminder for organizations to stay vigilant, follow best practices, and collaborate with cybersecurity agencies to safeguard essential services and infrastructure.
By heeding the recommendations from CISA, water utilities can bolster their defenses and reduce the risk of future cyberattacks on vital systems.
Follow SecureWorld News for more stories related to cybersecurity.