US water facilities' OT infrastructure is under attack again
Hostile countries appear determined to damage critical US infrastructure as Russia has joined the ranks of countries like Iran and China in launching cyber attacks on water facilities.
Vulnerable operational technology (OT) used in U.S. water and energy infrastructure is a prime target for state-sponsored actors seeking to potentially poison water supplies or undermine confidence in energy reliability.
A joint advisory from six US government agencies, the UK National Cyber Security Center and the Canadian Center for Cyber Security warns that water supplies are at risk due to unsecured OT devices.
Water versus the world
While most attacks on U.S. water facilities by Russia-affiliated groups amount only to “nuisance effects” and “limited disruption,” the joint advisory warns that there is a potential for threat actors to have significant control over certain OT environments, particularly those that are ‘insecure and misconfigured’.
Russia-affiliated groups gained access to Human Machine Interfaces (HMIs) by breaking into Internet-exposed Virtual Network Computing (VNC) services using manufacturer-issued default passwords. In 2024, Russian groups used this method to alter the control settings of water pumps so that they operated outside the recommended parameters, disable the alarm systems that could recognize a potential flood, and change the access credentials to prevent facility employees from undoing the changes.
Fortunately, facilities usually have manual control over internal mechanisms, and only minor tank overflows occurred before the facilities were secured. The joint advisory also highlights a number of solutions for OT vulnerabilities, which can be found here (PDF).
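For operators who want to find the Internet-exposed VNC access to HMIs described above on hosts they run, the following added example (not from the article or the joint advisory) parses the RFB handshake a VNC server sends and flags servers that offer no authentication or password-only authentication. The host names and handshake captures are constructed, and `parse_handshake`, `probe` and `audit_samples` are names chosen for this example.

```python
import re
import socket
BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")  # 12-byte ProtocolVersion message

def parse_handshake(banner: bytes, sec_msg: bytes) -> dict:
    """Classify a server's ProtocolVersion banner and its security-type message."""
    m = BANNER.fullmatch(banner)
    if not m:
        return {"vnc": False, "types": [], "finding": "not an RFB/VNC service"}
    ver = (int(m.group(1)), int(m.group(2)))
    if ver >= (3, 7):  # RFB 3.7+: one count byte, then that many type bytes
        types = list(sec_msg[1:1 + sec_msg[0]]) if sec_msg else []
    else:  # RFB 3.3: the server dictates one type as a big-endian uint32
        types = [int.from_bytes(sec_msg[:4], "big")] if len(sec_msg) >= 4 else []
    types = [t for t in types if t != 0]  # type 0 means the server refused
    if 1 in types:  # security type 1 = None
        finding = "CRITICAL: no authentication required"
    elif 2 in types:  # security type 2 = VNC Authentication (password only)
        finding = "HIGH: password-only VNC authentication"
    elif types:
        finding = "REVIEW: VNC reachable with other security types"
    else:
        finding = "INFO: VNC present, handshake refused"
    return {"vnc": True, "types": types, "finding": finding}

def probe(host: str, port: int = 5900, timeout: float = 3.0) -> dict:
    """Handshake-only check of a host you operate; no password is ever sent."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        banner = f.read(12)
        m = BANNER.fullmatch(banner)
        if not m:
            return parse_handshake(banner, b"")
        ver = (int(m.group(1)), int(m.group(2)))
        if ver < (3, 7):
            s.sendall(b"RFB 003.003\n")
            return parse_handshake(banner, f.read(4))
        s.sendall(b"RFB 003.007\n" if ver == (3, 7) else b"RFB 003.008\n")
        n = f.read(1)
        return parse_handshake(banner, n + f.read(n[0] if n else 0))

# Constructed handshake captures (not from any real facility), keyed by inventory name
SAMPLES = {
    "hmi-pump-01": (b"RFB 003.008\n", b"\x02\x01\x02"),
    "hmi-tank-02": (b"RFB 003.003\n", b"\x00\x00\x00\x02"),
    "historian":   (b"SSH-2.0-Open", b""),
}

def audit_samples() -> dict:
    return {name: parse_handshake(*cap)["finding"] for name, cap in SAMPLES.items()}
```

Running `probe` from outside the facility network against each HMI address in the asset inventory shows what an Internet-side client would see; any result other than a refused connection means the VNC port is reachable and should sit behind a VPN or firewall.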