State and Local Government Infrastructure
In 2023, malware cyber-attacks surged in the US state and local government sector by 148%, resulting in millions of dollars in overall costs per incident.
As state and local governments digitize critical infrastructure, they face rising threats from sophisticated cyber actors. With limited budgets and outdated technology, these governments become prime targets, unlike federal agencies with robust resources. Cyber-attacks jeopardize essential services like emergency response, water systems, and public records, while draining financial resources. In 2023 alone, cyber incidents cost local governments over $70 million in recovery expenses, disrupting vital operations (on average, attacks cause 9.6 days of downtime, significantly impacting community services). Over 400 cyber incidents were reported in 2023, underscoring the urgent need for modernized systems and proactive threat detection to safeguard communities.
The Aliquippa Water Treatment Attack (2023)
The 2023 attack on the water treatment plant in Aliquippa, Pennsylvania, was a significant cyberattack that targeted the plant's operational technology (OT) systems. The attack exposed critical vulnerabilities in water infrastructure, highlighting the growing threat landscape in sectors that manage essential public services like water supply. The attack was carried out by an Iranian cyber group, CyberAv3ngers, who infiltrated the water treatment plant's SCADA (Supervisory Control and Data Acquisition) systems. They gained unauthorized access to a Pressure Regulation Pump system, which allowed them to manipulate the water pressure within the system. While the damage was not catastrophic, the disruption caused a temporary imbalance in water distribution across the region.
Impact
- Operational Disruption: The attackers' manipulation of the pressure regulation system resulted in inconsistent water distribution, causing temporary service interruptions to residential and commercial users.
- Public Safety: While there were no immediate casualties or widespread water contamination, the attack raised concerns about the potential dangers of future incursions. Had the attackers targeted chemical dosing systems, the results could have been far more harmful.
- Economic Impact: The city incurred costs for immediate system repairs, incident response measures, and cybersecurity consulting to assess and bolster defenses after the attack.
Government Response/Regulation
- Increased Scrutiny from Federal Agencies: The EPA and CISA launched a joint investigation, working with local authorities to identify the entry point and secure the compromised systems. They emphasized the need for immediate remediation and strengthened defenses in water systems nationwide.
- EPA Sanitary Surveys: In response to the growing cyber threat landscape, the EPA integrated cybersecurity evaluations into its regular Sanitary Surveys for water utilities under the Safe Drinking Water Act. This requires utilities to assess the cybersecurity of their OT systems as part of their compliance measures.
- White House Directive: On March 18, 2024, the White House issued a letter to all U.S. governors urging them to prioritize water system safety and cybersecurity. The letter highlighted the importance of protecting critical infrastructure, particularly drinking water, against cyber threats and emphasized the need for states to actively engage in bolstering cybersecurity defenses.
- CISA’s Cross-Sector Cybersecurity Performance Goals: CISA collaborated with the EPA to promote guidelines and performance goals tailored to water systems, focusing on OT network protection, segmentation, and remote access controls. These guidelines aim to build resilience against similar attacks by securing vulnerable systems and promoting proactive monitoring practices.
Lessons Learned
- Outdated SCADA Systems: The plant's SCADA systems lacked robust encryption and multi-factor authentication (MFA), leaving weaknesses that attackers could easily exploit.
- Segmentation of IT and OT Networks: The attack underscored the importance of network segmentation. Water treatment plants and other critical infrastructure must segregate IT systems (used for administrative tasks) from OT systems (controlling operational processes) to prevent attackers from jumping between networks.
- Upgraded Cybersecurity for OT: Many water facilities continue to rely on outdated or poorly secured OT systems. The attack on Aliquippa’s water plant showed the urgent need to implement multi-factor authentication, secure remote access, and robust encryption for all OT systems.
- Proactive Monitoring: Constant, real-time monitoring and threat detection systems must be in place to detect anomalies within OT networks. In the case of Aliquippa, early detection could have significantly reduced the attackers' window of opportunity.
The Invisinet Solution
- Zero Trust Approach: Access to critical systems is limited to pre-authorized users only, reducing the chances of unauthorized actors gaining entry. This includes multi-factor authentication and strict user identity verification.
- Cloaking Key Systems: Invisinet’s cloaking technology hides key IT and OT systems (particularly SCADA) from the attackers, making it harder for them to identify which assets to target.
- Maximize Your ZTNA Investments: Incorporating identity data within session packets enhances real-time network auditing and reduces false indicators of compromise. Additionally, Invisinet enhances your anomaly detection, making it smarter and more effective.
- Regulatory Assurance: Invisinet supports regulatory compliance by integrating real-time auditing features, ensuring that identity information is accurately monitored and reported within session packets. This not only helps meet evolving cybersecurity regulations but also mitigates non-compliance risks, all while delivering cost-effective and low-disruption solutions that align with operational needs.
- Seamless IT and OT Integration: Invisinet bridges IT and OT layers, providing end-to-end, low-latency protection within heterogeneous environments. This ensures that both domains are secured effectively without compromising speed or efficiency, making it a truly cost-effective solution for industrial and critical infrastructure.