Experts have long warned that exposing industrial control systems (ICS) to the internet makes them prime targets for government-linked threat groups and hackers. Recently, the Canadian Cybersecurity Center disclosed incidents affecting water facilities and oil and gas companies, urging immediate responses from Chief Information Security Officers (CISOs). Cyber attackers often exploit accessible ICS devices to garner media attention or undermine organizational trust, impacting national image.
One specific incident involved hackers infiltrating a water service provider’s control system, manipulating pressure values and degrading service quality for customers. Similar attacks have occurred in the U.S., including a hack by a group linked to Iran. For instance, the Cyber Av3ngers group targeted a water authority in Pennsylvania in 2023, with timely detection averting supply issues. Another incident in Florida saw a facility hacked in 2021, where an attacker altered sodium hydroxide levels, potentially causing severe health risks, but was quickly mitigated.
Additionally, a Canadian oil and gas firm experienced hackers manipulating automated tank gauge data, raising false alarms. The center’s alert emphasized that public institutions must ensure robust security measures, including virtual private networks and multi-factor authentication, across all ICS components to prevent such vulnerabilities. Security guidelines specific to ICS and links to other cybersecurity documents were included to aid organizations in bolstering defenses.
👉 Pročitaj original: CIO Magazine
