Cybersecurity


Assessing threat levels


Collaborative warnings, global surveys and system vulnerabilities are all featured in this round-up on cybersecurity


Above: Italy’s Olginate Dam divides the Garlate and Olginate Lakes, regulates the level of Lake Como and distributes outflows between the irrigation and hydroelectric utilities located downstream


An urgent warning from multiple cybersecurity organisations in May 2024 highlighted the current threat faced by modern industries, such as the dams industry. In a collaborative effort, a joint statement was issued by various US organisations, including the National Security Agency, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, Environmental Protection Agency, and the Departments of Energy and Agriculture, along with the UK’s National Cyber Security Centre and the Canadian Centre for Cyber Security. They warned that pro-Russia hacktivists were conducting malicious cyber activity and compromising small-scale OT systems across North America and Europe, targeting water and wastewater systems, dams, energy, and food and agriculture sectors.


Since 2022, the authoring organisations say they have observed malicious activity, and they have released joint guidance to share information and mitigations. Giving an overview of the threat, they stated that although pro-Russia hacktivist activity against these sectors was mostly limited to unsophisticated techniques to create nuisance effects, the hacktivists were also capable of posing physical threats against insecure and misconfigured OT environments. Indeed, pro-Russia hacktivists have been observed gaining remote access via a combination of exploiting publicly exposed internet-facing connections and outdated software, as well as using factory default passwords and weak passwords without multifactor authentication.

In 2024, CISA and the FBI responded to several US-based water and wastewater victims who experienced limited physical disruptions caused remotely by an unauthorised user. Specifically, pro-Russia hacktivists caused water pumps and blower equipment to exceed their normal operating parameters. In each case, the hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock out the operators. Some victims experienced minor tank overflow events, but most victims reverted to manual controls in the immediate aftermath and quickly restored operations.

“[In 2024] we have observed pro-Russia hacktivists expand their targeting to include vulnerable North American and European industrial control systems,” said Dave Luber, Director of Cybersecurity at the National Security Agency in the US. “NSA highly recommends critical infrastructure organisations’ OT administrators implement the mitigations outlined, especially changing any default passwords, to improve

16 | March 2025 | www.waterpowermagazine.com

