Last January, a hacker group associated with the Russian government hacked into the water system of a small town in Texas. Two other small Texas towns reported attempts to penetrate their water systems.
The attack caused the water tank in Muleshoe, Texas, to overflow. The FBI is investigating all three cyber attacks as part of a Russian government effort to target American infrastructure.
On Wednesday, 911 emergency services were down in all of South Dakota and parts of Nebraska, Nevada, and Texas. No one is pointing the finger at anyone, but the Department of Homeland Security has warned of increased risks of cyber attacks on 911 systems as they have moved to digital systems based on IP addresses.
In March, the Biden administration warned that cyber attacks were hitting water and wastewater plants across the U.S. “We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices,” said the letter to the governors from EPA Administrator Michael Regan and national security adviser Jake Sullivan.
Sullivan said at the time that “even basic cybersecurity precautions” were not being used at water facilities, and that “can mean the difference between business as usual and a disruptive cyberattack.”
Sullivan says cyber attacks are hitting water plants "throughout the United States" and that states must improve cyber security. Mandiant, a private cybersecurity firm working with the government, has publicly linked the Texas water tank attacks to Russian security services.
The Texas hacking incidents gained little national attention when they occurred as questions lingered about who was behind the activity. But on Wednesday, Mandiant publicly linked the channel on Telegram, a social media platform, where hackers claimed responsibility for the Muleshoe attack with previous hacking activity carried out by a notorious unit of Russia’s GRU military intelligence agency.
It was unclear, Mandiant analysts said, whether the GRU was behind the cyberattack on Muleshoe’s water facility or if other Russian-speaking hackers using the same persona were claiming responsibility for the hack.
The string of incidents did not affect drinking water in the towns. But if it is confirmed that the GRU or one of its proxies was involved, this would mark an escalation in targeting US critical infrastructure for a Russian group often known for focusing on Ukraine.
“Water utilities are being abused by adversaries taking advantage of low-hanging fruit—vulnerable services directly accessible from the internet,” said Gus Serino, a water-sector cybersecurity expert and president of security firm I&C Secure.
“Regulations have not required this low-hanging fruit to be addressed,” Serino told CNN. “This shows a pretty clear need to handle the basics.”
As for 911 systems, the move to the Next Generation 911 systems (NG911) has begun to cause problems for systems that are not prepared for attacks.
Traditional 911 services typically operate over standard voice-based telephone networks and use software, such as computer-aided dispatch systems, that operate on closed, internal networks with little to no interconnections with other systems. The limited means of entry into the traditional 911 network significantly limited potential attack vectors, and what little cyber risk existed could be easily managed. NG911’s interconnections enable new response capabilities. However, they also represent new vectors for attack that can disrupt or disable PSAP operations, broadening the concerns of―and complicating the mitigation and management of―cyber risks across all levels of government.
The potential cyber risks to a NG911 system do not undermine its tremendous benefits. Nevertheless, cyber risks do present a new level of exposure that PSAPs must understand and actively manage as a part of a comprehensive risk management program. Past events have proven 911 systems are attractive targets for cyber-attacks.
It may not be a shooting war. But adversaries like Russia and China will find ways to attack us at our most vulnerable points. Our own cyberwarfare capabilities are reported to be awesome. But if Biden doesn't use them to deter the enemy, they're not worth much of anything.
Join the conversation as a VIP Member