The Dragos Blog

05.02.24 | 3 min read

The Rising Tide of Water Utility Cyber Threats: How Dragos Shields Water Systems 

Dragos, Inc.

Water utilities play a critical role in supporting life and economic activities, yet they face increasing threats from cyber adversaries. Industrial control systems (ICS) and operational technology (OT) have become prime targets for cyber threat activity. Dragos tracks numerous distinct threat groups and monitors their impact on various industries and regions. Of these sectors, water and wastewater systems are among the most vulnerable to a range of cyber attacks, which can disrupt operations and pose safety risks to their fundamental functions.

Cyber Attacks on Water Systems

In November 2023, the CyberAv3ngers hacktivist group successfully compromised PLCs at water utilities across North America, Europe, and Australia. These incidents represent the first successful cyber attacks on water systems by hacktivists, leading to material impacts in at least one community, where water services were disrupted for two days. Although their technical sophistication was low, these attacks were facilitated by inadequate security measures in place at many critical water utilities, such as the use of default passwords on internet-exposed OT devices.

Extending the focus beyond water to other essential infrastructures, the FBI disclosed in February that the threat group VOLTZITE, which overlaps with Volt Typhoon, has penetrated critical infrastructure within the US and globally, setting the stage for potential future attacks. 

Crossing the Rubicon: Hacktivist Intrusions Against Israeli-Made OT

After consistent promotion of misleading claims targeting companies in the Middle East, a hacktivist group, the self-styled CyberAv3ngers, broadened their operations and stepped up their objectives with attacks on programmable logic controllers (PLCs) used by water utilities across North America, Europe, and Australia with an anti-Israel message. 

Watch the On-Demand Webinar

Water Industry Cyber Threats

Water and wastewater utilities are more vulnerable to these threats because of the convergence of complex supply chains, vendor ecosystems, and the integration of IT and ICS/OT systems. Among the critical components of water and wastewater systems, lift and pump stations and treatment facilities have the largest potential digital attack surface. The most pervasive cyber threats to water and wastewater systems include: 

  • Exploitation of remote access technologies 
  • Vulnerable ICS/OT controllers 
  • Adversaries accessing the ICS/OT environment through exposed assets 
  • Attacks on the IT environment followed by capitalizing on poor network segmentation 
  • Lack of multifactor authentication 

According to a newly released Dragos Water and Wastewater Threat Perspective, nearly 60 percent of identified high-severity vulnerabilities in OT systems used by the water and wastewater sector (WWS) are related to controller assets, including programmable logic controllers (PLCs) and variable frequency drives (VFDs). Over 90 percent of identified vulnerabilities in WWS IT systems are related to connectivity devices and systems such as virtual private networks (VPNs) and remote administration tools.

One Water Utility’s Experience: Implementing a Comprehensive OT Cybersecurity Approach 

Responsible for managing an extensive infrastructure, including 20 dams and 2,000 kilometers of pipelines, one of Dragos’s utility customers delivers water to over 5,000 commercial entities. Its vast, complex OT network, filled with legacy systems, was a prime target for cyber threats, posing risks to public health and compliance. This demanded a strategic shift in their cybersecurity approach. 

Choosing Dragos for its OT expertise, the utility embarked on a partnership that began with a thorough evaluation of its cybersecurity needs, leading to the deployment of the Dragos Platform.

Transforming OT Security and Operational Resilience 

The Dragos Platform revolutionized the utility’s approach to cybersecurity: 

  • Enhanced Visibility and Asset Management: The platform provided real-time insights into OT assets and vulnerabilities, improving maintenance and operational efficiency. 
  • Contextual Vulnerability Management: With prioritized vulnerabilities and detailed reports, the utility gained a deep understanding of its OT environment. 
  • Incident Response Excellence: Dragos’ expert playbooks and rapid response capabilities led to quicker, more efficient handling of cybersecurity incidents. 
  • Simplified Compliance: The platform’s reporting tools eased compliance burdens, facilitating smoother audits. 

This cybersecurity upgrade not only strengthened defenses against threats like those detailed in the latest research, but also set the stage for future innovation and growth. 

The journey involved overcoming challenges with legacy systems and integrating IT and OT processes. The collaboration between the utility and Dragos, along with the utility’s long-standing efforts to align IT and OT, was key to navigating these hurdles, leading to successful tool implementation and consistent cybersecurity practices. 

The utility’s partnership with Dragos has equipped it to confidently face future cyber threats. Plans to expand the Dragos Platform’s reach promise even greater security and operational efficiency. This case study highlights the importance of targeted OT cybersecurity solutions in protecting essential services and promoting sector-wide excellence. 
