A very recent incident in the Middle East provides an interesting cyber-security case study.
Some of the Israeli Water Authority (IWA) plants were subject to a cyber-attack over the weekend and were then advised to change all passwords for internet-accessing services.
The strongly suspected cyber-attack against Israeli Water Authority facilities occurred during the weekend, according to an internal departmental report mentioned in an article by Israeli newspaper ‘Ynet’.
According to the internal government report, the incident occurred on Friday and Saturday and was stopped by the authority’s cyber-division. Israel’s Water Authority officials sent a memo ordering all employees to immediately change their passwords to the sites’ systems, “with emphasis on the operational system and the chlorine control in particular.”
Israel’s National Cyber Array report on the incident stated that it was first advised on April 23 that attacks had been detected on control and control systems of wastewater treatment plants, pumping stations and sewers.
In response, the agency called on organisations operating in these areas to take a number of steps immediately.
“The system calls on companies and entities in the energy and water sectors to immediately exchange passwords from the Internet to the control systems, reduce Internet connectivity and ensure that the most up-to-date version of controllers is installed,” the National Cyber Array observed.
Stuart Reed, VP cyber at Nominet, comments: “The recent cyber-attack on water supply and treatment facilities in Israel, and consequential advice to either change passwords or take systems offline, demonstrates just how disruptive an attack on critical national infrastructure can be. In a world where industrial infrastructure is increasingly linked and managed through the internet, taking services offline is significant.
“While only limited details about the attack have been revealed, the alert comes from the Israeli Government and does demonstrate well-coordinated communication during their incident response process. By incorporating these types of processes, with sophisticated technology that can act fast and protect the breadth of a network, combined with a workforce that is increasingly aware of the cyber risks, governments around the world can work towards a much more resilient cyber posture.”
National Cyber Array
The ‘National Cyber Array’, which is part of the Israeli National Cyber Directorate, is responsible for every type of cyber-defence in the civilian arena, from initially forming policy and building technology to operational defence in cyberspace.
The Ynet report cites the head of the Water Authority’s Security Department, Daniel Lacker, explaining to the head of the cyber department, Avi Azar, that “We have received a number of reports regarding a cyber-attack on the… systems. No damage was reported during the incident.”
Dave Weinstein, CSO at Claroty, commented: “This attempted attack highlights that while water infrastructure often eludes the public’s attention as a major source of cyber-risk, it remains susceptible to both targeted and non-targeted threats. A combination of legacy systems, growing connectivity, and federated management (most water utilities are owned and operated at a local level) warrants a high prioritisation of cyber-security for the water and wastewater sectors on a global level.
“As with most OT systems, our water infrastructure demands a granular level of visibility to detect not only latent threats on the network, but also anomalies that might be indicative of a threat or could subject the network to even novice hackers.
“Misconfigurations and known vulnerabilities effectively lower the barriers to entry for threat actors and increase the risk of exploitation. Further, as information technology networks converge with OT networks, owners and operators of water infrastructure should be ever vigilant against account compromises that might grant an attacker direct access to industrial control systems. This includes employees and third-party vendors that are accessing the infrastructure remotely.”
This appears to be a success story after an attack on a country’s vital infrastructure, especially as it occurred in the Middle East, where water is deemed so essential.