Water utilities often have few cybersecurity resources and are subject to few regulations. A failed Stuxnet-like attack on Israel’s water supply shows how dangerous that could be.
In late April, Israel’s National Cyber Directorate received reports about an attempted “major” cyberattack on its water infrastructure. According to a statement issued by the directorate, the attack consisted of “assault attempts on control and control systems of wastewater treatment plants, pumping stations and sewers.”
The directorate called on water companies to change their internet passwords, make sure their control system software is updated, and undertake other cyber hygiene measures to tighten security. The attempted attacks were unsuccessful, according to the directorate, and appeared to be coordinated. Of concern was the level of chlorine in the water supply. The directorate asked water companies look for any disruptions, particularly regarding chlorine use in the water supply.
The geopolitical nature of the attack points to actors who favor an independent Palestinian state. “It’s more likely a state actor that would be supporting them, such as the Iranians who have built quite a cyber force,” says Matt Lampe, who most recently served as CIO for Los Angeles Water and Power and is now a partner in critical infrastructure cybersecurity advisory firm Fortium Partners.[This article appeared in CSO Online. To read the rest of the article please visit here.]