Cyberattacks On Water Treatment Infrastructure

Foreign hackers are targetting US water and sewage systems United States warns, pointing finger at Iran and China

The American government has warned that foreign hackers are targetting a certain section of critical infrastructure in the United States.

In a letter released on Tuesday, National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan issued a warning to US state governors that foreign hackers are carrying out disruptive cyberattacks against water and sewage systems throughout the country.

The letter warns that “disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

hacker hacking security data — Image credit: Sora Shimazaki/Pexels

Iran, China

The letter specifically identified two countries, namely Iran and China.

Sullivan and Regan cited a recent case in which hackers accused of acting in concert with Iran’s Revolutionary Guards had disabled a controller at a water facility where the facility had neglected to change a default manufacturer password.

The letter also pointed the finger at the Chinese hacking group dubbed ‘Volt Typhoon’ which they said had “compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories.”

In May 2023 the ‘Five Eyes’ intelligence agencies, as well as tech giant Microsoft, had warned that critical infrastructure in the US was being spied upon by state sponsored Chinese hackers.

five eyes hacking security — From left to right: Australian Security Intelligence Organisation Director-General Mike Burgess, Canadian Security Intelligence Service Director David Vigneault, FBI Director Christopher Wray, New Zealand Security Intelligence Service Director-General of Security and Chief Executive Andrew Hampton, and MI5 Director General Ken McCallum at the Emerging Technology and Securing Innovation Summit in Palo Alto, California, on 16 October, 2023. Image credit: FBI

“Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts,” the letter added.

Critical infrastructure

“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” the letter added.

China’s Embassy in Washington and Iran’s mission to the United Nations did not immediately return a message seeking comment, Reuters reported.

Both countries have in the past denied carrying out cyberattacks.

The letter called on governors to “ensure that all water systems in your state comprehensively assess their current cybersecurity practices” and prepare for potential cyber incidents.

Water attacks

Cyberattacks against water treatment plants have been ongoing for a while now.

In 2016 for example a report from Verizon found at least one example where hackers were able to access the computer systems of a water treatment plant and affect the treating process, exposing people to potential health risks by drinking polluted water.

Officials at the unnamed water utility were able to able to identify and reverse the chemical and flow changes in time.

In February 2021 an even more dangerous cyberattack on a water utility came to light, when officials of the US city of Oldsmar in Florida revealed that a hacker had gained access to the water system of the city and had tried to pump in a “dangerous” amount of a chemical.

The hacker had gained access to an internal ICS platform and briefly increased the amount of sodium hydroxide (lye) in Oldsmar’s water treatment system.

Sodium hydroxide is highly corrosive and is often used in drain cleaners. It can cause irritation to the skin and eyes, along with temporary loss of hair. However swallowing it can cause damage to the mouth, throat and stomach, and trigger vomiting, nausea and diarrhoea.

Thankfully for all concerned, a worker spotted the attack and reversed the action, but the consequences of the attack could have been very serious.

And British utilities should also be concerned.

In August 2022 the Clop ransomware gang had claimed on the dark web that they had accessed the SCADA systems (which control industrial processes at treatment plants) of Thames Water.

Thames Water is the UK’s largest water supplier and wastewater treatment provider, serving Greater London and areas surrounding river Thames (roughly 15 million customers).

But the Clop hackers were mistaken, and they had actually compromised the SCADA systems belonging to a water supplier in the Midlands, namely South Staffordshire Water, which supplies water to 1.6 million customers.

South Staffordshire Water confirmed it was the one that had been breached, when it issued a statement on its website.

Read also : Russia Already Meddling In US Election, Microsoft Warns