In a recent development, the US government has issued a call to action for water and wastewater organizations to bolster their defenses against cyberattacks targeting internet-exposed human-machine interfaces (HMIs). These HMIs serve as crucial access points to industrial machines, allowing users to control and monitor machinery performance.
The urgency for action stems from the growing threat posed by hackers who have demonstrated the ability to exploit vulnerabilities in internet-exposed HMIs. The Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) jointly released a statement detailing the potential risks associated with unauthorized access to these critical systems.
The statement highlighted a concerning incident in 2024 in which pro-Russia hacktivists manipulated HMIs at Water and Wastewater Systems, causing disruptions in operations. By tampering with system settings, the hackers caused water pumps and blower equipment to exceed their normal operating parameters, forcing facilities to resort to manual operations.
To address this pressing issue, the EPA and CISA outlined 11 mitigation strategies that organizations should implement to enhance their security posture. One of the key recommendations is to disconnect HMIs and other accessible systems from the public-facing internet, if feasible. While disconnection may not always be practical, the agencies emphasized the importance of updating software, resetting passwords, and restricting access to authorized personnel.
In response to the statement, cybersecurity experts have underscored the need for organizations to reassess their security measures. Eric Schwake, Director of Cybersecurity Strategy at Salt Security, emphasized the broader need to secure all internet-facing components of critical infrastructure, including HMIs. Venky Raju, Field CTO at ColorTokens, highlighted the challenges faced by organizations, particularly in the municipal sector, in securing HMIs due to budget constraints.
The threat posed by malware targeting industrial control systems (ICS), Internet of Things (IoT), and operational technology (OT) devices has also come to the forefront. Recent reports have revealed the existence of malware designed specifically to compromise HMIs, routers, programmable logic controllers (PLCs), and other Linux-based IoT/OT platforms, posing a significant risk to critical infrastructure.
As organizations navigate the evolving cybersecurity landscape, the importance of safeguarding industrial environments against emerging threats cannot be overstated. External pressure from regulators, insurance companies, and government agencies is driving organizations to shore up their defenses and secure their networks against potential cyber threats.
In conclusion, the call to secure internet-exposed HMIs serves as a stark reminder of the vulnerabilities present in critical infrastructure. By heeding the recommendations outlined by regulatory bodies and implementing robust cybersecurity measures, organizations can enhance their resilience against cyberattacks and safeguard the integrity of industrial operations.