Federal government partners have just released a Joint Cybersecurity Advisory on the recent compromise of a U.S. water treatment facility in which a hacker was able to change a treatment chemical dosage in real time. This email provides a copy of the advisory, which includes a summary of the incident informed by personnel who assisted with the onsite response, threat overviews based on what was observed, and a series of recommendations organizations are encouraged to consider to protect themselves against similar activity.
Threat Overviews for Desktop Sharing Software and Windows 7 End of Life
The advisory states cyber actors likely accessed the system by exploiting cybersecurity weaknesses, such as an outdated operating system (Windows 7), and that it is possible desktop sharing software (TeamViewer) may have been used to gain access to the system. Based on these findings and observations from other activity, the advisory includes threat overviews for desktop sharing software and Windows 7 end of life. These threat overviews discuss how cyber actors have been observed exploiting these systems for malicious activities.
Recommendations, including for Water and Wastewater Systems
The advisory includes a specific recommendations category for water and wastewater systems, which emphasizes the importance of installing independent cyber-physical safety systems. As the advisory notes, these are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor. It observes these types of controls can be of particular benefit to smaller systems, such as the one involved in the recent incident, which may have limited cybersecurity capabilities. The advisory also includes lists of general recommendations and TeamViewer software recommendations.