The Dragos Blog

04.17.24 | 2 min read

OT Cyber Threat Landscape for the U.S. Water & Wastewater Sector 

Dragos, Inc.

Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary operations and their tactics, techniques, and procedures (TTPs). Dragos OT cyber threat intelligence is fully reported in Dragos WorldView threat intelligence reports and is also compiled into the Dragos Platform for threat detection and vulnerability management.

The water and wastewater sector is a critical component of modern life, providing essential services to billions of people every day. However, water systems are increasingly becoming a target for cyber adversaries, posing significant risks to public health and safety. The Dragos Water & Wastewater Threat Perspective produced by Dragos OT Cyber Threat Intelligence highlights several key trends and threats that have emerged in recent years, emphasizing the need for robust cybersecurity measures to protect vital industrial control systems (ICS) in operational technology (OT) environments. 

Key Findings: What You Need to Know 

Following are the key findings from the threat report:

  • Publicly Disclosed Cyber Events: Between 2006 and early 2023, there were 27 publicly disclosed cyber events within the United States water and wastewater sector, with only three of these events impacting industrial processes and operations directly. 
  • Cyber Attack Surface: Lift and pump stations and treatment facilities present the largest potential digital attack surface in the sector, due to complex supply chains, vendor ecosystems, and connectivity between IT and OT systems. 
  • Vulnerable Systems Controllers: Controllers, including programmable logic controllers (PLCs) and variable frequency drives (VFDs), are pivotal for the operation of water and wastewater systems. However, nearly 60 percent of identified vulnerabilities in OT systems used in the sector are related to these controller assets. 
  • Remote Access Technologies: One of the most significant vulnerabilities in the water and wastewater sector is the exploitation of remote access technologies. These technologies, while essential to operational efficiency, provide an entry point for cyber adversaries to gain unauthorized access to critical industrial control systems. 
  • Exposed Assets and Poor Network Segmentation: Many water and wastewater organizations lack sufficient network segmentation and multifactor authentication measures. This deficiency allows adversaries to access the OT environment through exposed assets and attacks in the IT environment, capitalizing on these weaknesses.  

Crossing the Rubicon: Hacktivist Intrusions Against Israeli-Made OT

After consistently promoting misleading claims targeting companies in the Middle East, a hacktivist group, the self-styled CyberAv3ngers, broadened its operations and stepped up its objectives late in the year, launching attacks carrying an anti-Israel message against programmable logic controllers (PLCs) used by water utilities across North America, Europe, and Australia.


How to Address Cybersecurity Risks to the Water Sector 

Addressing these pressing cybersecurity challenges requires enhancing the security of remote access, implementing rigorous vulnerability management processes, and developing a defensible network architecture. By adopting these proactive measures, organizations can strengthen their cybersecurity resilience and better protect critical infrastructure assets. Beyond these essential security controls, robust asset monitoring and threat detection are key components of a comprehensive cybersecurity strategy. By continuously monitoring network assets and analyzing system behavior, organizations can quickly detect and respond to potential cyber threats before they escalate into full-blown incidents.

The SANS Institute recommends five critical controls to ensure world-class ICS and OT cybersecurity. These five critical controls include: an ICS-focused incident response plan, a defensible architecture, OT network visibility and monitoring, secure remote access, and risk-based vulnerability management. You can learn more about the five critical controls by downloading our guide, “5 Critical Controls for World-Class OT Cybersecurity.” 

Leveraging OT-native cybersecurity technology, like the Dragos Platform, ensures your OT environments are protected with the expertise these critical environments require. The Dragos Platform provides the OT-native asset visibility and monitoring, threat detection, and vulnerability management capabilities you need, and it is continuously updated with the latest ICS-focused threat intelligence and frontline insights for mitigating potential threats. Ready to see the platform in action? Request a demo or learn more about our technology and solutions at dragos.com.

Get the Complete Water & Wastewater Threat Analysis 

Download our comprehensive analysis with actionable recommendations for protecting essential operational technology infrastructure. 
