A former Israeli Air Force captain has warned that the US and Israel are still not ready to defeat a cyber attack against the water sector operated by hostile countries such as Iran. Stern highlighted the risks to critical infrastructure providers and issued his warning after a ransomware attack disrupted the IT operations of South Staffordshire Water, a UK company that supplies drinking water to 1.6M customers every day.
The intelligence official pointed out that countries like Russia, Iran, North Korea and China are likely to disrupt the water sector with dramatic consequences. He flagged Iran as Israel’s main rival in the field, but warned that “we don’t have cutting-edge ideas in the water industry,” even after cyber attacks on the Israeli and American water sectors in recent years. Jerusalem Post. Most water sector workers are civil engineers. How could they ignore it? [cyber risks]? They are very advanced in their domain in terms of pipes, water flows, ground stabilization and chemistry, but not when it comes to preventing hackers.
Lack of proper training for cyber defense is a major problem for the industry. A cyber attack on a water facility or organization in the water sector can have a wide impact because many infrastructures serve wide areas, including many cities and states, and are not easy to protect. In many cases, IT and OT networks are not separated and are not designed to withstand cyber-attacks.
Stern explained that there are 55,000 different water operators in the US, but the majority of the population is served by a small number of operators that are vulnerable to cyber attacks. He urged these organizations to take necessary protective measures quickly. Another factor that makes the water sector vulnerable to cyber attacks is increasing technology penetration, with more automation making more systems vulnerable.
He said the US government is delaying issuing an order mandating that everyone adhere to the given cybersecurity standard. Many organizations in the industrial water sector continue to use low quality systems. “The story of cyber security is decades long. We have not made enough progress over the years on how to get critical infrastructure in power plants, water and other sectors. Anne Neuberger, the Biden administration’s cyber chief, told TJP. “As soon as the administration took office, we started drafting the [first new cyber] executive order. It was released after [the] Colonial [pipeline hack], but it’s been in the works for months. President [Joe] Biden knows this is clearly a cyber priority.