CISA Releases Advisory on New Cyberattack on Water and Wastewater Facilities

These PLCs have been commonly used in water and wastewater facilities, among others.

December 7, 2023


By Jeff Wardon, Jr., Assistant Editor


A joint Cybersecurity Advisory (CSA) has been released concerning repeated cyber activities against Israeli-made Unitronics Vision Series programmable logic controllers (PLCs).  

Beginning on November 22, these PLCs, commonly found in water and wastewater facilities in the U.S., were being targeted by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors known as “CyberAv3ngers”, according to the Cybersecurity and Infrastructure Security Agency (CISA). The PLCs can also be found in other industries such as energy, food and beverage manufacturing, and healthcare. 

“These PLC and related controllers are often exposed to outside internet connectivity due to the remote nature of their control and monitoring functionalities,” CISA says in the CSA. “The compromise is centered around defacing the controller’s user interface and may render the PLC inoperative. With this type of access, deeper device and network level accesses are available and could render additional, more profound cyber physical effects on processes and equipment.” 

CISA recommends these immediate steps that network defenders at facilities can take to mitigate these cyberattacks: 

  • Change all default passwords on PLCs and human machine interfaces (HMIs) and use a strong password. Ensure the Unitronics PLC default password is not in use. 
  • Disconnect the PLC from the public-facing internet. 

Following up on the mitigative steps, CISA stresses that exercising, testing and validating an organization’s security protocols is crucial. The agency also highlights testing existing security controls to assess how they perform against the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) techniques identified in the advisory.

The CSA recommends the following six steps for getting started:

  • Select an ATT&CK technique described in this advisory. 
  • Align your security technologies against the technique. 
  • Test your technologies against the technique. 
  • Analyze your detection and prevention technologies’ performance. 
  • Repeat the process for all security technologies to obtain a set of comprehensive performance data. 
  • Tune your security program, including people, processes and technologies, based on the data generated by this process. 

Jeff Wardon, Jr. is the assistant editor for the facilities market. 
