Alex Sharpe shares a timely reminder and advice on how to be aware and prepare for potential cyber attacks.
The Energy, Food and beverage, Manufacturing, and Healthcare sectors are also affected.
Soon after the series of coordinated armed incursions into Israel by Hamas and the subsequent response by Israel, we saw a significant uptick in malicious cyber operations from Advanced Persistent Threat (APT) associated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC).
You can find the details in a (rare) joint advisory from Cybersecurity and Infrastructure Security Agency , Federal Bureau of Investigation (FBI) , National Security Agency, US Environmental Protection Agency (EPA) and Israel National Cyber Directorate – מערך הסייבר הלאומי (INCD).
Bottom Line: Basic blocking and tackling go a long way toward improving your cyber resilience. You must be especially mindful if your organization uses Israeli-made Unitronic’s Vision Series programmable logic controllers (PLCs). The hackers are prioritizing organizations using components manufactured by Israeli companies.
Implement Multi-Factor Authentication (MFA)
Use strong, Unique Passwords
Check the PLCs for default passwords.
It is scary how simple and low-cost these three items are.
We often forget cyber incidents can impact the physical world, like when the Colonial Pipeline incident disrupted the supply of gasoline, diesel fuel, and jet fuel. Or when the cyber attack on JBS disabled its beef and pork production in the United States, Canada, and Australia.
Disruption in the water supply quickly renders other sectors ineffective. Most likely in ways we have not considered. The “Water Sector Resilience Final Report and Recommendations,” published in June 2016, on page 2, has a good Infograph that maps out the impact of disruption in the water supply to 12 sectors. Here are select examples:
Key points include:
Shifting responsibility to product vendors
Iran attempting to broaden the Israeli-Hamas conflict
Litigation restricting EPA protection
Read the full article, Malicious Cyber Activity Against Operational Technology (OT), especially Water: What You Can Do Today, on LinkedIn.