Cyber incident against a water treatment plant in San Francisco Bay Area (2021)

From International cyber law: interactive toolkit
Date: January 15, 2021.[1]
Suspected actor: Unknown attacker.
Target: Water treatment plant in San Francisco.
Target systems: N/A
Method: The attacker had the login details for a plant employee’s account on TeamViewer, a program which allows users to remotely connect to and control their work computers. Once the attacker gained access, they deleted programs which the plant used to treat drinking water.[2]
Purpose: Unknown.
Result: The attack was discovered the day after the account was compromised. Accordingly, passwords were changed and the deleted programs were reinstalled. No harm was reported to local citizens reliant on the plant’s water.[2]
Aftermath: Several similar, but unsuccessful, cyber attacks on water treatment plants followed using similar means.[3] Consequently, the Biden administration in conjunction with the U.S. Environmental Protection Agency announced the ‘Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan’ in January 2022, an initiative designed to strengthen the cyber-resilience of water treatment plants.[4]
Analysed in: Scenario 29: Cyber operations against water and water infrastructure

Collected by: Tom Davies