Top White House cyber aide says recent Iran hack on water system is call to tighten cybersecurity
WASHINGTON — A senior White House national security official said recent cyberattacks by Iranian hackers on U.S. water authorities — as well as a separate wave of ransomware attacks on the health care industry — should be seen as a call to action from utilities and industry to tighten cybersecurity.
Deputy National Security Advisor Anne Neuberger said in an interview Friday that recent attacks on multiple U.S. organizations by the Iranian hacker group “Cyber Avengers” were “unsophisticated” and had “minimal impact” on operations. But according to Neuberger, the attacks offered a new warning that US companies and critical infrastructure operators are “facing persistent and capable cyber attacks from hostile nations and criminals” that are not going away.
“Some pretty fundamental practices would have made a big difference there,” said Neuberger, who serves as President Joe Biden's top adviser on cyber and emerging technology issues. “We have to lock our digital doors. There are significant criminal threats, as well as capable countries – but especially criminal threats – that are costing our economy dearly.”
The hackers, who U.S. and Israeli officials say are linked to Tehran's Islamic Revolutionary Guard Corps, breached multiple organizations in several states, including a small municipal water authority in the western Pennsylvania city of Aliquippa. The hackers said they specifically targeted organizations using programmable logic controllers from Israeli company Unitronics, which are often used by water and water treatment companies.
Matthew Mottes, the chairman of the Aliquippa Municipal Water Authority, which discovered it had been hacked on Nov. 25, said federal officials told him the same group had also breached four other utilities and an aquarium.
The Aliquippa hack prompted workers to temporarily stop pumping at a remote station that controls water pressure for two nearby towns, causing crews to switch to manual controls.
The hacks, which authorities say began on November 22, come as already high tensions between the US and Iran have increased over the two-month war between Israel and Hamas. The White House said Tehran has backed Houthi rebels in Yemen who have carried out attacks on commercial ships and threatened US warships in the Red Sea.
Iran is the main sponsor of both Hamas, the militant group that controls Gaza, and the Houthi rebels in Yemen.
The US has said it has discovered no information that Iran was directly involved in Hamas's October 7 attack on Israel, which prompted the Israeli army's massive retaliatory operation in Gaza. But the Biden administration has increasingly expressed concern that Iran is trying to widen the Israeli-Hamas conflict through proxy groups and publicly warned Tehran about the Houthi rebels' attacks.
“They're the ones with their fingers on the trigger,” White House national security adviser Jake Sullivan told reporters earlier this week. “But that weapon – the weapons here are supplied by Iran. And Iran, in our view, is the ultimate party responsible for this.”
Neuberger declined to comment on whether the recent cyberattack by the Iranian hacker group could lead to more hacks by Tehran on U.S. infrastructure and businesses. Still, she said the moment underscored the need to ramp up cybersecurity efforts.
The Iranian “Cyber Avengers” attack came after a federal appeals court decision in October prompted the EPA to withdraw a rule that would have required U.S. public water systems to include cybersecurity testing in their regular federally mandated audits. The reversal was prompted by a federal appeals court decision in a case brought by Missouri, Arkansas and Iowa, and joined by a water utility trade group.
Neuberger said the measures laid out in the withdrawn rule to improve the cybersecurity of water systems “could have identified vulnerabilities that have been targeted in recent weeks.”
The government unveiled a comprehensive cybersecurity plan earlier this year that called for strengthening protections for critical sectors and holding software companies legally liable if their products fail to meet basic standards.
Neuberger also noted that recent criminal ransomware attacks have devastated healthcare systems. She argues that these attacks underscore the need for government and industry to take steps to tighten cybersecurity.
A recent attack targeting Ardent Health Services prompted the health care chain, which operates 30 hospitals in six states, to divert patients from some emergency departments to other hospitals while postponing certain elective procedures. Ardent said it had to take its network offline after the Nov. 23 cyberattack.
A recent global survey from cybersecurity firm Sophos found that nearly two-thirds of healthcare organizations were hit by ransomware attacks in the year ending March, a doubling from two years earlier but a slight decline from 2022.
“The president has made it a priority. We spread useful information. We provide advice,” Neuberger said. “And we really need the partnership of state and local governments and companies that operate critical services to quickly heed and implement that advice.”
—
Associated Press writers Frank Bajak in Boston and Marc Levy in Harrisburg, Pennsylvania, contributed reporting.