CISA Warns of Critical Infrastructure Attacks: "Unsophisticated Methods" Breaching Water Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding ongoing attacks on critical infrastructure systems, with a particular focus on Operational Technology (OT) and Industrial Control Systems (ICS) in the water sector. These breaches, which rely on unsophisticated methods like brute force and default credentials, pose a significant risk to the critical infrastructure supporting municipalities and water systems.

According to CISA, these targeted attacks are not exclusive to sophisticated hackers but are often carried out by leveraging simple vulnerabilities, such as weak or unchanged passwords. These vulnerabilities have proven to be an effective entry point for attackers, including pro-Russia hacktivists and state-sponsored groups from countries like Iran and China, who have been expanding their campaigns against North American and European industrial control systems.

Understanding the Threat to Idaho's Water Systems

OT devices, integral to the management of physical processes in critical infrastructure, play a crucial role in Idaho’s water treatment and wastewater facilities. These devices monitor water quality, control treatment processes, and maintain pressure and distribution—ensuring safe and reliable service to our communities.

The recent incidents highlight a concerning trend: cyberattacks are causing disruptions across the country. Just recently, a cyberattack forced Arkansas City, Kansas, to switch its water treatment operations to manual control. It is vital for Idaho's municipalities to understand the nature of these risks and take appropriate action to prevent similar disruptions.

Best Practices for Protecting Critical Infrastructure

To help protect critical infrastructure from these threats, CISA advises implementing several key security measures:

• Change Default Passwords: One of the most common attack methods is exploiting default or weak passwords. Changing these immediately helps mitigate this risk.

• Enable Multifactor Authentication (MFA): By adding an additional layer of security, MFA can effectively prevent unauthorized access even if passwords are compromised.

• Secure Human-Machine Interfaces (HMIs): Placing HMIs behind firewalls helps limit unauthorized access, reducing the likelihood of successful attacks.

• Harden Remote Access: Virtual Network Computing (VNC) installs should be hardened, and remote access to critical systems should be restricted.

• Apply the Latest Security Updates: Regular updates to OT and IT systems are essential to patch known vulnerabilities, which attackers often exploit.

A Call to Action for Idaho's Critical Infrastructure Operators

“This year we have observed pro-Russia hacktivists expand their targeting to include vulnerable North American and European industrial control systems,” said Dave Luber, Director of Cybersecurity at the National Security Agency (NSA). With increasing attention from international actors, it is more crucial than ever for Idaho’s critical infrastructure operators to prioritize cybersecurity.

The U.S. Environmental Protection Agency (EPA) recently released new guidelines to help water and wastewater system (WWS) owners evaluate their cybersecurity practices, and state governors are joining federal initiatives to bolster defenses. These combined efforts are designed to prevent future breaches and maintain the integrity of essential services.

Security Beyond Critical Infrastructure

Although this advisory focuses specifically on OT/ICS, it serves as a broader warning to every sector. The tactics being used are simple yet effective—and they are applicable to any internet-exposed environment. Critical infrastructure may be the immediate target, but businesses, municipalities, and service providers should heed this warning.

Security professionals in Idaho are encouraged to take a proactive stance. Strengthen defenses, implement security best practices, and stay vigilant. Learning from attacks on OT/ICS can provide critical insights to bolster security posture and prevent breaches in all environments.

Protecting Idaho’s Future

The protection of Idaho’s critical infrastructure relies on our collective effort to strengthen defenses against persistent threats. While attackers continue to use unsophisticated methods, we must remain vigilant and adaptable to keep our systems, our services, and our communities secure.