Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

FBI, NSA, CISA and EPA Issued Joint Cybersecurity Advisory on Cyber Threats Targeting Water Facilities

Friday, October 22, 2021

Categories: ASCF News Cyber Security

Comments: 0

Source: https://www.cpomagazine.com/cyber-security/fbi-nsa-cisa-and-epa-issued-joint-cybersecurity-advisory-on-cyber-threats-targeting-water-facilities/

Photo: www.cpomagazine.com

A joint cybersecurity advisory by a coalition of federal agencies warns of “ongoing malicious cyber activity” by known and unknown threat actors on U.S. Water and Wastewater Systems (WWS) Sector facilities.

Issued by the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Environmental Protection Agency (EPA), the advisory says hackers attempted to “compromise system integrity via unauthorized access.”

These attacks threatened the government’s ability to provide clean and portable drinking water and manage wastewater, according to the joint cybersecurity advisory.

However, the joint advisory clarified that it did not suggest that cyber threats against water facilities were increasing, although that was the case for critical infrastructure.

Common cyber threats facing water facilities
The cybersecurity advisory noted that known and unknown attackers targeted WWS operational technology (OT) networks, systems, and devices.

It also listed common tactics, techniques, and procedures (TTPs) used by threat actors to target water and wastewater treatment facilities.

They include spear phishing campaigns targeting employees with malicious payloads, including ransomware, through malicious links and attachments.

Threat actors also targeted unsupported or outdated operating systems and software to compromise the water facilities, the joint cybersecurity advisory noted.

Additionally, vulnerable firmware on control system devices on water systems exposed water facilities to remote cyber threats.

List of cyberattacks targeting water facilities
The cybersecurity advisory also listed several attacks, including a California-based WWS facility incident involving a Ghost malware variant in August 2021.

Similarly, a Maine-based wastewater WWS facility SCADA computer suffered a ZuCaNo ransomware attack in July 2021.

In March 2021, a Nevada-based WWS facility also suffered a ransomware attack, affecting the SCADA and backup systems.

According to the joint cybersecurity advisory, Makop ransomware also struck a New Jersey-based WWS facility in September 2020, compromising computer systems within the facility.

A former employee at a Kansas-based WWS facility also attempted to endanger drinking water safety using unrevoked access into the water facility.

Another hacker attempted to poison the water supply in Oldsmar, Florida, by increasing sodium hydroxide from 100 to 11,100 parts. Pinellas County Sheriff Bob Gualtieri said the hacker gained access by compromising the operating system at the city’s main water treatment facility.

“It is heartening to see the FBI, CISA, EPA, and the NSA working together with the Water ISAC and Dragos to put this alert together,” said Bill Lawrence, CISO at SecurityGate. “Adversaries are looking to use spearphishing (targeted phishing) and exploits against unpatched software or outdated firmware to execute these attacks.”

Lawrence lauded the Department of State’s Rewards for Justice (RFJ) program offering a $10 million reward for reporting foreign cyber threats against U.S. critical infrastructure. He noted that the strategy was more effective than penalizing the victims of ransomware attacks.

Joint cybersecurity advisory guidelines on protecting water facilities
The cybersecurity advisory recommended protecting water facilities against cyber threats, including ransomware attacks.

The agencies advised cybersecurity personnel to check for suspicious activity and indicators of compromise.

These include permanent or temporary denial of access to SCADA system controls, unfamiliar data or windows alerts, abnormal operating parameters such as unusually high chemical rates, access to SCADA systems by unauthorized or unassigned individuals.

Similarly, system access by authorized employees at unusual times of the day could indicate that their security credentials have been compromised.

Unexplained restarts and fluctuations of SCADA system parameters also indicate cyber threats by malicious actors targeting water facilities.

Eric Goldstein, executive assistant director for cybersecurity at CISA said that current cyber threats underscored the need to make cybersecurity a top priority for critical infrastructure operators.

“While vulnerabilities within the water sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment,” Goldstein continued.

However, Lawrence noted that the multi-agency cybersecurity advisory failed to stress the need for staff training in fighting cyber threats targeting water facilities.

“From a people, processes, and technology viewpoint, user training should have been the number one recommendation so as to recognize phishing attempts, thwart ransomware, or respond rapidly if it takes hold, rather than the last bullet in the ‘additional mitigations’ strategy and buried near the end,” Lawrence concluded.

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.