
EPA Report Reveals Cybersecurity Risks in U.S. Water Systems


A recent report from the Environmental Protection Agency (EPA) revealed that over 70% of surveyed water systems have failed to meet key cybersecurity standards, making them vulnerable to cyberattacks that could disrupt wastewater and water sanitation services across the United States. 

During inspections, the EPA identified critical vulnerabilities in numerous facilities, such as default passwords that had never been updated from their initial setup. In response, the agency issued an enforcement alert, urging water system operators to improve their cybersecurity measures. Recommended actions include conducting an inventory of operational assets, implementing cybersecurity training programs, and disconnecting certain systems from the internet to enhance security. 

The EPA has announced plans to increase inspections of water infrastructure and, when necessary, take civil and criminal enforcement actions to address any imminent and substantial threats to safety. Under Section 1433 of the Safe Drinking Water Act, community water systems serving over 3,300 people are required to perform comprehensive safety assessments and update their emergency response plans every five years. 

The high failure rate reported by the EPA indicates potential violations of this section, highlighting missed opportunities to protect these essential services through risk and resilience evaluations. This alert follows a series of cyber incidents over the past year, where nation-state hackers and cybercriminal groups have targeted water systems. These attacks have included unauthorized access to water treatment control systems, manipulation of operational technology, and other forms of sabotage. The regulatory environment for U.S. water systems is complex, often involving state and local government oversight.

Many rural water operators, unlike their federal counterparts, lack sufficient resources to bolster their digital defenses. While the EPA has attempted to enforce stricter security mandates, these efforts have faced legal challenges from GOP-led states and industry groups. In October, the EPA rescinded a directive that would have required water providers to assess their cybersecurity measures during sanitation surveys. Nation-state adversaries, including Chinese and Iranian hacking groups, have frequently breached U.S. water infrastructure. 

China's Volt Typhoon group has been particularly active, infiltrating critical infrastructure and positioning themselves for further attacks. In one instance, Iranian Revolutionary Guard Corps-backed hackers targeted industrial water treatment systems, and more recently, Russia-linked hackers breached several rural U.S. water systems, posing significant safety risks. In March, the EPA and the National Security Council issued a joint alert, urging states to remain vigilant against cyber threats targeting the water sector. The alert emphasized that drinking water and wastewater systems are attractive targets for cyberattacks due to their critical role and often limited cybersecurity capabilities. 

Moreover, a Federal Energy Regulatory Commission (FERC) official recently testified about the vulnerability of dam systems to cyberattacks, indicating that new cybersecurity guidelines for dams could be developed within the next nine months. The EPA's report underscores the urgent need for improved cybersecurity measures in U.S. water systems to protect these vital resources from potential cyber threats.

US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches

It has been announced that the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six officials of the Iranian government organization responsible for a series of malicious cyber activities directed against critical infrastructure in the U.S. and other countries. This organization is a part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). 

IRGC-affiliated cyber actors have been involved in recent cyber operations where they hacked and posted images on the screens of programmable logic controllers (PLCs) manufactured by Unitronics, an Israeli company. U.S. authorities are acting against these individuals in response to these recent cyber operations. 

Control devices in water and other critical infrastructure systems, such as PLCs, are sensitive targets. Although no critical services were disrupted during this operation, unauthorized access to critical infrastructure systems can enable actions that harm the public and have devastating humanitarian effects. 

According to an official statement released by the US Department of the Treasury, officials of the Iranian Islamic Revolutionary Guard Corps (IRGC) responsible for cyber attacks against critical infrastructure have been sanctioned. The action was taken in response to recent operations by IRGC-affiliated actors, who hacked technology manufactured by the Israeli company Unitronics that is deployed in water and wastewater facilities. 

A group called CyberAv3ngers, affiliated with the IRGC, claimed responsibility for a cyber attack against the municipal water system of Aliquippa, Pennsylvania, as well as other water systems throughout the country. Critical services were not disrupted, and the U.S. coordinated with the private sector and other affected countries to resolve the incidents.

It is important to keep in mind, however, that the Treasury warns that unauthorized access to critical infrastructure systems "can be destabilizing and potentially escalatory" and can lead to actions that harm the public and cause devastating humanitarian consequences. 

Iranian Revolutionary Guard Corps (IRGC) officials responsible for cyber attacks against critical infrastructure have been sanctioned by the U.S. Department of the Treasury for their role in the attacks. Brian E. Nelson, a spokesperson for the Treasury Department for Terrorism and Financial Intelligence, described the intentional targeting of critical infrastructure in his statement as an unacceptable, dangerous, and unconscionable act. 

In addition, the United States stated that the perpetrators would not be tolerated and would be held accountable using all the tools and authority at its disposal. The six sanctioned individuals were all designated as leaders and officials of the Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). American companies and individuals are prohibited from trading with the sanctioned individuals and companies. 

Currently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is providing resources such as the recently released Incident Response Guide for the water and wastewater sector to support entities it calls "target-rich, cyber-poor," such as water and wastewater utilities. 

In this regard, CISA considers several nations, including China, Russia, North Korea, and Iran, to pose a threat because of their sophisticated malicious cyber activity aimed at sustaining prolonged system intrusions. Just last week, U.S. authorities accused hacker networks linked to the Chinese government of cyber attacks on critical targets in the water, transportation and energy sectors. 

It is reported that OFAC has added six individuals to its Specially Designated Nationals list. They are Hamid Homayunfal, Hamid Reza Lashgarian, Reza Mohammad Amin, Mahdi Lashgarian, Milad Mansuri, Reza Mohammad Amin Saberian and Mohammad Bagher Shirinkar. 

According to the statement, Hamid Reza Lashgarian is the director of the IRGC's Cyber and Intelligence Center, a commander in the IRGC's Quds Force, and he has been involved in several IRGC operations related to cyber and intelligence. 

Alongside Hamid Reza Lashgarian, the sanctions cover the deputy commander of the IRGC-CEC and the senior officials Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian. These designated individuals may no longer hold assets in the US, and all transactions involving their property in this country must stop.

Financial institutions and individuals that transact with sanctioned entities and individuals may face criminal prosecution if they are found to have engaged in such transactions or activities. The statement also said: "The United States remains deeply concerned about the targeting of these systems, and it warns that cyber operations that intentionally damage or otherwise impair the operation and use of critical infrastructure in order to deliver services to the public are destabilizing and could escalate." Insider reports show that this is not the first time Iranian cyber actors have targeted US infrastructure.