Exploring Water Facility Cyber-Attacks

Water facilities are one of the most important energy infrastructures in the world. They provide energy, clean drinking water, and water filtration to all. Worrisomely, they are becoming more and more targeted by hackers, according to a 2024 report by IBM’s “X-Force Threat Intelligence Index” (Gregory). The IBM report stated that energy companies are the fourth most targeted industry when it comes to cyber-attacks with America seeing 22% of all energy cyber-attacks (Gregory). Threat actors “most common[ly]” attack the industry using malware to cause damage to energy plants or ransomware to halt production and force the company to pay them (Gregory). 

Aliquippa, Pennsylvania water facility hack by CBS (Stanish).

One such hack occurred last November when an Iranian funded group who calls themselves “Cyber Av3ngers” took control of a water station in Aliquippa, Pennsylvania, according to CBS news (Stanish). The very American superhero sounding group plastered their message on monitors within the water facility stating that “EVERY EQUIPMENT ‘MADE IN ISRAEL’ IS CYBER AV3NGERS LEGAL TARGET” (Stanish). The anti-Israeli group targeted this water plant as it uses an Israeli made software “Unitronics” (Stanish). Fortunately, no harm was caused to the water or the public and the station regained control quickly after the attack. Cyber Av3ngers take responsibility for numerous other power outages and worldwide strikes on their Twitter/X page that can be found here. According to the CBS article this is a real page by them.  

The Cyber Av3ngers hack is only one of multiple recent attacks on water facilities. The gravest concern amongst water facility officials is that “hackers are lying dormant in water facilities’ systems” so that a concentrated strike could “target multiple areas at the same time” causing much greater harm, said Frank Ury, president of the board of the Santa Margarita Water District in southern California (Gregory). While no serious harm has occurred in America due to a water facility attack it is a growing concern that must be addressed. 

The Cybersecurity and Infrastructure Security Agency (CISA) published a 27-page incident response guide for water facilities pertaining to cyber-attacks. The incident response guide walks a response team through the steps that they must take when assessing, containing, and resolving a cyber-attack against a water facility. These guides are created for organizations to have a structured and detailed modern-day response to a cyber-attack. The guide can be found here for those interested. 

Continue Reading This Story 

Gregory, Jennifer. “Water Facilities Warned to Improve Cybersecurity.” Security Intelligence, securityintelligence.com/articles/water-facilities-warned-to-improve-cybersecurity/. 

Stanish, Erika. “Municipal Water Authority of Aliquippa Hacked by Iranian-Backed Cyber Group – CBS Pittsburgh.” Www.cbsnews.com, 26 Nov. 2023, www.cbsnews.com/amp/pittsburgh/news/municipal-water-authority-of-aliquippa-hacked-iranian-backed-cyber-group/ 

You may also like