In April 2020, Israel suffered a cyberattack on its water facilities but was lucky enough to avoid the consequences. The threat actors attempted to hack into the industrial control systems (ICS) of five Israeli Water Authority facilities and raise the level of chlorine in the nation’s water supply.
According to FirstPoint, “The attacks were designed to compromise the ICS command and control systems for Israel’s pumping stations, sewer systems, wastewater plants and agriculture pumps.”
If successful, this would have caused major health issues to all those who drank the water, as well as severely harmed the agriculture industry. The attack was quickly thwarted, but fear of more attacks continued to loom in the air, begging the question: “What should we do now?”
Who was the attacker?
This attack happened when threat actors broke into the facilities’ programmable logic controllers (PLCs) and took control of the water supply. Though the attacker is unknown, it is alleged that Iran was behind the intrusions. According to The Washington Post, “Investigators found that the hackers routed their attempted attack through computer servers in the United States and Europe — a common tactic used by adversaries of the West.”
The threat actors may have routed the attack this way to make it seem like the U.S. attacked Israel and/or to cover their tracks and make it difficult to discover who the real intruder was. Employees at the water facility detected a change in water chlorine levels and swiftly alerted Israel’s cybersecurity agency, which took it from there.
Israel has a history of unleashing cyberattacks on Iran. The United States and Israel worked together to create Stuxnet to halt uranium enrichment in Iran. Stuxnet was an aggressive piece of malware designed to stop PLCs from working. The attack on the Israeli water facilities may have been a revenge play by the Iranian government because of Stuxnet and the continued support the U.S. gives Israel.
Iran proceeded to release a statement, refuting all evidence of their involvement. Interestingly, Iran has never conducted a successful cyberattack on another nation’s industrial equipment, as far as we know. In several instances, such as with the Bowman Avenue Dam, Iran has attacked areas of the United States’ critical infrastructure, but they were never able to do any damage.
Protection and futureproofing
In response to the attack on their water systems, Israel hired cybersecurity company SIGA OT Solutions to aid in protecting against future cyberattacks on critical infrastructure.
Co-founder and CEO of SIGA Amir Samoiloff stated, “Water utilities are at the forefront of global cyberattacks. But utilities have minimal tolerance for a downtime in service, and no utility would agree to a hacker deciding whether its infrastructure will operate or not.”
The Israeli facilities updated all firmware on the ICSs and replaced outdated equipment with newer systems. All employees of the facilities were required to change their login passwords as a precaution.
Oldsmar water treatment facility attack
In early 2021, the United States experienced a similar cyberattack at the Oldsmar water treatment facility in Florida. However, this attack was successful. The unknown hacker managed to raise the lye content in the water supply from 100 parts per million (ppm) to 11,100 ppm. This is enough lye to do damage to skin tissue upon contact. Thankfully, before any damage was done, an engineer noticed this substantial increase and decreased the lye count back to the normal number.
Both the Israeli water supply hack and the Oldsmar water treatment hack were attacks that could have had a massive toll on critical infrastructure, health and human safety if they were successful. Even though threat actors have different intentions, it only takes one competent hacker to bring a civilization to its knees.
To ensure the safety of critical infrastructure, nations must continue to update their cybersecurity methods and inform their citizens of different cybersecurity strategies to protect themselves. This is why various government organizations have been rising to the challenge of protecting critical infrastructure and growing their cybersecurity departments, budgets and control.