Water utility suffers cyber incident

A water utility reported a cyber incident when remote users experienced difficulties logging into the control systems, according to an ICS-CERT report.


A water utility reported a cyber incident when remote users experienced difficulties logging into the control systems, according to an ICS-CERT report.

Offsite and onsite analyses revealed the cause of the incident was general crimeware and was not a targeted attack, ICS-CERT said. The utility’s control systems did not suffer any repercussions as a result of the incident. ICS-CERT did not name the utility.

As a result of the event, ICS-CERT coordinated with the FBI, state, and local law enforcement during and after the incident.

While onsite, ICS-CERT reviewed network topologies and control systems architecture and evaluated the water utility’s current security and detection measures.

They also provided mitigations and made recommendations for strengthening the existing cyber security and incident detection mechanisms. The water utility has since sanitized its systems and implemented stronger and tighter security practices.

Some of the general lessons learned include:

  • Secure remote access with VPNs or two-factor authentication. For more information about configuring and managing remote access, review Configuring and Managing Remote Access for industrial Control Systems.
  • Prepare for incidents with a formalized incident response plan. Enable logging and leverage the static nature of a control system to look for anomalies. Retain logs for a sufficient amount of time.
  • Understand how to preserve forensic data for analysis and reporting when an incident occurs. Capture forensic images of the system memory and hard drive prior to powering down the system. Also, avoid running antivirus software “after the fact” as the AV scan changes critical file dates and impedes discovery and analysis of suspected malicious files and timelines.

Understand, even with the best cyber defense mechanisms in place, incidents will likely occur.

No comments
Consulting-Specifying Engineer's Product of the Year (POY) contest is the premier award for new products in the HVAC, fire, electrical, and...
Consulting-Specifying Engineer magazine is dedicated to encouraging and recognizing the most talented young individuals...
The MEP Giants program lists the top mechanical, electrical, plumbing, and fire protection engineering firms in the United States.
Salary survey: How much are you worth?; Dedicated outdoor air systems; Energy models and lighting
Fire, life safety in schools; Fire protection codes; Detection, suppression, and notification; 2015 Commissioning Giants; Emergency and standby power in hospitals
HVAC and building envelope: Efficient, effective systems; Designing fire sprinkler systems; Wireless controls in buildings; 2015 Product of the Year winners
Designing positive-energy buildings; Ensuring power quality; Complying with NFPA 110; Minimizing arc flash hazards
Implementing microgrids: Controlling campus power generation; Understanding cogeneration systems; Evaluating UPS system efficiency; Driving data center PUE, efficiency
Optimizing genset sizing; How the Internet of Things affects the data center; Increasing transformer efficiency; Standby vs. emergency power in mission critical facilities
As brand protection manager for Eaton’s Electrical Sector, Tom Grace oversees counterfeit awareness...
Amara Rozgus is chief editor and content manager of Consulting-Specifier Engineer magazine.
IEEE power industry experts bring their combined experience in the electrical power industry...
Michael Heinsdorf, P.E., LEED AP, CDT is an Engineering Specification Writer at ARCOM MasterSpec.