Cyber incident against a water treatment plant in San Francisco Bay Area (2021)
Jump to navigation
Jump to search
Date | January 15, 2021.[1] |
---|---|
Suspected actor | Unknown attacker. |
Target | Water treatment plant in San Francisco. |
Target systems | N/A |
Method | The attacker had the login details of a plant employee’s TeamViewer account, a program which allows users remotely connect to and control their work computers. Once the attacker gained access, they deleted programs which the plant used to treat drinking water.[2] |
Purpose | Unknown. |
Result | The attack was discovered the day after the account was compromised. Accordingly, passwords were changed and the deleted programs were reinstalled. No harm was reported to local citizens reliant on the plant’s water.[2] |
Aftermath | Several similar, but unsuccessful, cyber attacks on water treatment plants followed using similar means.[3] Consequently, the Biden administration in conjunction with the U.S. Environmental Protection Agency announced the ‘Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan’ in January 2022, an initiative designed to strengthen the cyber-resilience of water treatment plants.[4] |
Analysed in | Scenario 29: Cyber operations against water and water infrastructure |
Collected by: Tom Davies
- ↑ NBC News, ‘50,000 security disasters waiting to happen: The problem of America's water supplies’ (17 June 2021)
- ↑ 2.0 2.1 Security Affairs, ‘Threat actors in January attempted to poison the water at a US facility’ (21 June 2021).
- ↑ Cyble, ‘Water and Wastewater treatment facilities vulnerable to Cyber Attacks’ (4 May 2022).
- ↑ U.S. Environmental Protection Agency, ‘EPA Announces Action Plan to Accelerate Cyber-Resilience for the Water Sector’ (27 January 2022).