Three members of Congress have called on the U.S. Justice Department to investigate a recent hack of a water authority near Pittsburgh, highlighting concerns about the vulnerability of water and sewage-treatment utilities across the nation. Senators John Fetterman and Bob Casey, along with Representative Chris Deluzio, expressed their belief that Americans must feel secure in the knowledge that their basic infrastructure, including drinking water, is protected from cyberattacks by nation-state adversaries and terrorist organizations.
The foreign hackers breached the industrial control system of the water authority, which was found to be made in Israel. A photograph from the Municipal Water Authority of Aliquippa, Pennsylvania, suggested that the hackers specifically targeted the facility due to its connection to Israel. The photo displayed a message from the hackers, identifying themselves as Cyber Av3ngers, declaring Every equipment ‘made in Israel’ is Cyber Av3ngers legal target. The group using this name made similar claims on social media platforms, stating that they had hacked ten water treatment stations in Israel.
According to U.S. officials, the group known as Cyber Av3ngers is believed to be behind the attack on the Aliquippa water authority. Matthew Mottes, the chairman of the water authority, revealed that federal officials had informed him of similar breaches at four other utilities and an aquarium. However, the Aliquippa water authority appears to be the first impacted by such an attack.
Leading cybersecurity companies, Check Point Research and Google’s Mandiant, have identified Cyber Av3ngers as hacktivists linked to the Iranian government. Check Point’s Sergey Shykevich stated that since the start of the Israel-Hamas conflict, the group has intensified its efforts to target critical infrastructure in Israel. Shykevich and other cybersecurity experts anticipated an increase in hacktivism following Israel’s attacks in Gaza.
The particular device that was compromised in Pennsylvania, a programmable logic controller manufactured by Israel-based Unitronics, is used in various industries, including water and sewage-treatment utilities, electric companies, and oil and gas producers. The U.S. Cybersecurity and Infrastructure Security Agency noted that the breach likely occurred due to cybersecurity vulnerabilities such as weak passwords and exposure to the internet.
The cybersecurity incident in Pennsylvania serves as a reminder that many water utilities have not given sufficient attention to securing their systems against potential cyber threats. The attack prompted the water authority to temporarily halt pumping at one remote facility, which regulated water pressure for customers in neighboring towns. To ensure customer safety, the system was taken offline, and manual operation was initiated.
Coincidentally, just weeks before the attack, the Environmental Protection Agency rescinded a rule that would have required cybersecurity testing for U.S. public water systems during federally mandated audits. This rollback was triggered by a federal appeals court decision following a case involving Missouri, Arkansas, Iowa, and a water utility trade group.
While the Biden administration aims to strengthen cybersecurity measures for critical infrastructure, many experts argue that too many industries are still allowed to regulate themselves. The administration has implemented regulations for sectors such as electric utilities, gas pipelines, and nuclear facilities. In light of the recent cybersecurity warning issued by the U.S. agency, efforts to safeguard critical infrastructure, which is predominantly privately owned, must be prioritized.
Authorities have urged water and sewage-treatment utilities to remain vigilant in addressing cybersecurity weaknesses and vulnerabilities. The attack on the Aliquippa water authority highlights the need for robust security measures, both in Pennsylvania and across the entire United States. As cybersecurity threats continue to evolve, it is crucial that proactive measures are taken to protect the nation’s critical infrastructure, ensuring the safety and well-being of all Americans.
