A suspected cyber-attack against several Israeli Water Authority facilities happened over the weekend, according to an internal departmental report cited in an article by Israeli newspaper Ynet.
The article says that, according to the internal government report, the incident occurred on Friday and Saturday and was thwarted by the authority's cyber-division. A memo sent by Water Authority officials ordered all personnel to immediately change the passwords to the facility's systems, "with emphasis on the operational system and the chlorine control in particular."
Israel’s National Cyber Array report noted it was first informed on April 23 that attacks had been launched on command and control systems of wastewater treatment plants, pumping stations and sewers. In response, the agency is calling for organisations operating in these areas to take several immediate steps.
“The system calls on companies and entities in the energy and water sectors to immediately exchange passwords from the Internet to the control systems, reduce Internet connectivity and ensure that the most up-to-date version of controllers is installed,” the National Cyber Array said.
In an email to SC Media UK, Stuart Reed, VP cyber at Nominet, comments: “The recent cyber-attack on water supply and treatment facilities in Israel, and consequential advice to either change passwords or take systems offline, demonstrates just how disruptive an attack on critical national infrastructure can be. In a world where industrial infrastructure is increasingly linked and managed through the internet, taking services offline is significant.
“While only limited details about the attack have been revealed, the alert comes from the Israeli Government and does demonstrate well-coordinated communication during their incident response process. By incorporating these types of processes, with sophisticated technology that can act fast and protect the breadth of a network, combined with a workforce that is increasingly aware of the cyber risks, governments around the world can work towards a much more resilient cyber posture.”
The National Cyber Array is part of the Israel National Cyber Directorate, which is responsible for all aspects of cyber-defence in the civilian sphere, from formulating policy and building technological power to operational defence in cyberspace.
The Ynet report quotes the head of the Water Authority's security department, Daniel Lacker, telling the head of the cyber department, Avi Azar, that, "We have received a number of reports regarding a cyber-attack on the... systems. No damage was reported during the incident."
Dave Weinstein, CSO at Claroty, emailed SC Media UK to comment: “This attempted attack highlights that while water infrastructure often eludes the public’s attention as a major source of cyber-risk, it remains susceptible to both targeted and non-targeted threats. A combination of legacy systems, growing connectivity, and federated management—most water utilities are owned and operated at a local level—warrants a high prioritisation of cybersecurity for the water and wastewater sectors on a global level.
“As with most OT systems, our water infrastructure demands a granular level of visibility to detect not only latent threats on the network, but also anomalies that might be indicative of a threat or could subject the network to even novice hackers. Misconfigurations and known vulnerabilities effectively lower the barriers to entry for threat actors and increase the risk of exploitation. Furthermore, as information technology (IT) networks converge with OT networks, owners and operators of water infrastructure should be ever-vigilant against account compromises that might grant an attacker direct access to industrial control systems. This includes employees and third-party vendors that are accessing the infrastructure remotely.”
An earlier version of this story was first published in SC US.