Over Half of Attacks on Electricity and Water Firms Are Destructive

Over three-fifths of US and British water and electricity firms were targeted by cyber-attacks in the past year, with a majority suffering serious disruption, according to Semperis.
The security vendor polled IT and security professionals at 350 water treatment plants and electricity operators in both countries to compile its report, The State of Critical Infrastructure Resilience.
Of the 62% that said they suffered a cyber-attack in the past year, 80% were hit multiple times. Worse, 59% revealed that the attack had disrupted normal operations, and 54% said their organization had suffered permanent corruption/destruction of data or systems.
“The systems that supply our power grids and our clean drinking water are the underpinning of everything we do,” said Chris Inglis, Semperis strategic advisor and former US national cybersecurity director.
“And yet we go about our business, confident that somebody else is going to handle it. Somebody else isn’t going to handle it. We need to harden our systems and extract criminal elements – now.”
The vast majority (82%) of recorded attacks targeted “Tier 0” identity systems such as Active Directory, Entra ID and Okta – meaning compromise could lead to complete network control.
Recent incidents highlight the challenge facing utilities providers. Last month it was revealed that notorious Chinese APT group Volt Typhoon had managed to maintain access to the OT network of Littleton Electric Light and Water Departments (LELWD) in Massachusetts, from February to November 2023.
The same group was flagged last year for a long-running campaign designed to infiltrate US critical infrastructure networks and “pre-position” itself, with a view to potentially launching destructive attacks in the event of a military conflict.
Also last year, UK utility Southern Water was hit by the Russian Black Basta ransomware group. Although operations were not impacted, the group is thought to have stolen personal data on hundreds of thousands of employees and customers, costing the company millions.
Four Steps to Improve Resilience
Semperis urged utilities firms to improve their cyber resilience by:
- Identifying Tier 0 infrastructure components that can help with recovery from attack
- Prioritizing incident response and recovery for these systems
- Documenting response and recovery processes, and practicing them in real-world scenarios featuring organization-wide stakeholders
- Focusing on secure as well as speedy recovery by, for example, checking backups for signs of compromise