Until something goes wrong, we never worry about water. The news of a Danish water utility cyberattack attributed to Russia is another example of an attack with a different purpose. The purpose of this incident was not 'espionage', but was instead an attempt to cause 'disruption'.
As someone who has been following cyber stories for some time, I have always viewed cyberattacks against water systems in a particularly alarming way. When essential services are the target, I view these types of attacks as particularly serious.
The attack did not result in the failure of service. However, if you were to lose all of your sensors while driving a car, performing the same functions would pose significant risks.
The reasons these utilities make good targets include:
To put it in more basic terms, it was a planned event, as opposed to being random. In essence, cyberattacks such as this utilize violence without guns; very unnerving!
As someone who has been following cyber stories for some time, I have always viewed cyberattacks against water systems in a particularly alarming way. When essential services are the target, I view these types of attacks as particularly serious.
What was this attack about?
Danish authorities reported that hacking groups compromised systems used for monitoring & controlling water facilities. Although normally automated, the attack required staff to manually operate the equipment.The attack did not result in the failure of service. However, if you were to lose all of your sensors while driving a car, performing the same functions would pose significant risks.
How come water utilities are so easy to attack?
Because water utilities don't appear to be 'hip' or 'cool', that could also explain why they are easy targets. The majority of these companies (with very few exceptions) still rely on outdated computers and control systems.The reasons these utilities make good targets include:
- These antiquated systems do not have regular security updates
- The budgets for security tend to be small
- Remote access to these systems makes the jobs easier and provides hackers with a means of accessing these systems
Why Denmark points to Russia
Denmark has indicated that attacks following established Russian cybercrime techniques of Europe had similarities with Russia. The Danish authorities conducted an analysis of how the attacks worked prior to attaching a name.To put it in more basic terms, it was a planned event, as opposed to being random. In essence, cyberattacks such as this utilize violence without guns; very unnerving!
