CISA and EPA Warn of Cyber Risks to Water System Interfaces

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Internet-exposed Human Machine Interfaces (HMIs) pose significant risks to the Water and Wastewater Systems (WWS) sector, according to a new fact sheet jointly released by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA).

Titled Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems and published last week, the document outlines vulnerabilities and provides actionable guidance for operators to protect critical infrastructure.

HMIs are essential tools that enable facility operators to manage operational technology (OT) systems, such as supervisory control and data acquisition (SCADA) systems. When these interfaces are exposed online without adequate safeguards, they can become targets for malicious actors.

Cyber-attacks on HMIs can allow unauthorized users to manipulate water treatment processes, disable alarms or lock operators out of systems altogether. Recent incidents, including those linked to pro-Russia hacktivists, havecaused disruptions such as forcing equipment to exceed safe limits and restricting access by altering administrative passwords.

Why Securing HMIs is Critical

CISA and EPA warn that the consequences of failing to secure HMIs go beyond temporary disruptions. Exploited vulnerabilities can force facilities to revert to manual operations, which can compromise the delivery of essential water and wastewater services. The recent surge in cyber incidentstargeting WWS facilities highlights the urgency of addressing these risks.

The fact sheet emphasizes best practices for mitigating these vulnerabilities. Key recommendations include:

  • Disconnecting HMIs from public internet access when possible

  • Using strong passwords and multi-factor authentication (MFA)

  • Updating software and firmware regularly to address vulnerabilities

  • Implementing network segmentation with tools like demilitarized zones (DMZs)

  • Monitoring login attempts and investigating suspicious activity

Read more on safeguarding water and other critical infrastructure from cyberattacks: ACSC and CISA Launch Critical OT Cybersecurity Guidelines

To support the WWS sector, CISA also offers freevulnerability scanning services that help facilities identify and address weaknesses. Additional resources include the Top Cyber Actions for Securing Water Systems guide and EPA’s guidance on improving cybersecurity practices at drinking water and wastewater utilities.

Facility operators are encouraged to act quickly to implement these measures and reduce risks to their systems.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

Leave a Reply

Your email address will not be published. Required fields are marked *