Cybersecurity agency warns that US water utilities are vulnerable to hackers after Pennsylvania attack

A file photo of workmen preparing to replace older water pipes with a new copper one in Newark, New Jersey. While there is no known risk to the Pennsylvania towns’ drinking water or water supply, the cyberdefense agency urged water and wastewater utilities across the United States to take steps to protect their facilities. — AP

HARRISBURG, Pennsylvania: Hackers are targeting industrial control systems widely used by water and sewage-treatment utilities, potentially threatening water supplies, the top US cyberdefense agency said after a Pennsylvania water authority was hacked.

The U.S. Cybersecurity and Infrastructure Security Agency issued the warning Tuesday evening, three days after hacktivists shut down a piece of equipment at the Municipal Water Authority of Aliquippa, Pennsylvania, just outside Pittsburgh. The hack effectively idled pumping equipment in a remote station that regulates water pressure for customers in two nearby towns. Crews switched to manual backup, officials said.

The attackers likely accessed the device by exploiting cybersecurity weaknesses, including poor password security and exposure to the Internet, US officials said. The Aliquippa water authority did not respond to messages Wednesday.

The equipment identified as vulnerable is used across multiple industries, including electric utilities and oil and gas producers. It regulates processes including pressure, temperature and fluid flow, according to the manufacturer.

While there is no known risk to the Pennsylvania towns’ drinking water or water supply, the cyberdefense agency urged water and wastewater utilities across the United States to take steps to protect their facilities.

The equipment at issue is made by Israel-based Unitronics, which did not immediately respond to queries about what other facilities may have been hacked or could be vulnerable. According to Unitronics’ website, the controllers at issue are built for a wide spectrum of industries.

The Biden administration has been trying to shore up cybersecurity in U.S. critical infrastructure – more than 80% of which is privately owned - and has imposed regulations on sectors including electric utilities, gas pipelines and nuclear facilities.

But many experts complain that too many vital industries are permitted to self-regulate and administration officials want software providers to also assume a higher burden for safety. – AP

×

Related stories:

Singapore luxury resort says data of 665,000 customers hacked

Hacked Philippine health insurer didn’t have cyber protection software

Teen hacked Uber, Revolut and Grand Theft Auto maker, London court hears

Rookie cop hacked women’s social accounts, posted their nude photos, US police allege

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Report it to us.

Next In Tech News
Robinhood set to report highest quarterly revenue since meme stock frenzy
Apple unveils new AI-focused chip in upgraded iPad Pro
US consumer watchdog fines Chime $3.25 million for delaying refunds
OpenAI to launch tool to detect images created by DALL-E 3
Investopedia-owner Dotdash Meredith signs content license deal with OpenAI
GlobalFoundries forecasts Q2 revenue, profit above estimates on chip market recovery
Tesla Autopilot probe escalates with US regulator’s data demands
How the EU transformed tech
Nigeria sets dangerous precedent by detaining Binance execs, CEO says
Online retailer Zalando returns to growth thanks to premium brands

Trending in Tech

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.