CISA warns of an increase in the number of attacks that exploit the vulnerability of Unitronics equipment.
The US Cybersecurity and Infrastructure Protection Agency (CISA) actively informs water infrastructure operators about the vulnerabilities of the Israeli company Unitronics devices. The reason for concern was the November attack on Unitronics equipment used by the Pennsylvania Water Authority in Aliquippa, conducted by the Iranian group CyberAv3ngers, which is allegedly associated with the IRGC.
Eric Goldstein, CISA's executive assistant director for Cybersecurity, said:"We identify the operators using these devices and alert them to prevent possible intrusions."
After the incident in Pennsylvania, several other US water infrastructures also confirmed the facts of cyber attacks. U.S. officials, including representatives of the FBI and the Environmental Protection Agency, noted a small number of affected institutions.
The main focus is on Unitronics Programmable Logic Controllers (PLCs), widely used in the water, energy, food and healthcare industries. These devices are often connected to the Internet due to remote monitoring and monitoring, which increases their vulnerability.
Currently, the threat appears to be limited. Goldstein stressed that so far no hacking of the operating systems of water treatment plants has been recorded and there is no impact on the provision of drinking water to settlements.
Officials have confirmed that hackers linked to the IRGC exploited vulnerabilities in Unitronics devices starting on November 22 to target Israeli products.
With regard to the cybersecurity of the water industry, the Biden administration even launched a National Cybersecurity Strategy in March, but the relevant Environmental Protection Agency memorandum was withdrawn in October after lawsuits.
David Travers of the EPA emphasized the importance of basic cybersecurity measures for water systems and refuted the view that such measures are costly. "Without cybersecurity requirements and oversight, our water systems and the societies they serve will continue to be vulnerable," Travers said, adding that cybersecurity across the entire water sector needs to be improved soon.
The US Cybersecurity and Infrastructure Protection Agency (CISA) actively informs water infrastructure operators about the vulnerabilities of the Israeli company Unitronics devices. The reason for concern was the November attack on Unitronics equipment used by the Pennsylvania Water Authority in Aliquippa, conducted by the Iranian group CyberAv3ngers, which is allegedly associated with the IRGC.
Eric Goldstein, CISA's executive assistant director for Cybersecurity, said:"We identify the operators using these devices and alert them to prevent possible intrusions."
After the incident in Pennsylvania, several other US water infrastructures also confirmed the facts of cyber attacks. U.S. officials, including representatives of the FBI and the Environmental Protection Agency, noted a small number of affected institutions.
The main focus is on Unitronics Programmable Logic Controllers (PLCs), widely used in the water, energy, food and healthcare industries. These devices are often connected to the Internet due to remote monitoring and monitoring, which increases their vulnerability.
Currently, the threat appears to be limited. Goldstein stressed that so far no hacking of the operating systems of water treatment plants has been recorded and there is no impact on the provision of drinking water to settlements.
Officials have confirmed that hackers linked to the IRGC exploited vulnerabilities in Unitronics devices starting on November 22 to target Israeli products.
With regard to the cybersecurity of the water industry, the Biden administration even launched a National Cybersecurity Strategy in March, but the relevant Environmental Protection Agency memorandum was withdrawn in October after lawsuits.
David Travers of the EPA emphasized the importance of basic cybersecurity measures for water systems and refuted the view that such measures are costly. "Without cybersecurity requirements and oversight, our water systems and the societies they serve will continue to be vulnerable," Travers said, adding that cybersecurity across the entire water sector needs to be improved soon.
