Tech News
Water Facilities Must Secure Exposed HMIs – Warns CISA
As attackers threaten key utility facilities, CISA warns water and waste facilities to protect online HMIs. The cyber defense agency warns of severe security threats to exposed HMIs that may disrupt usual operations.
CISA Asks Water Facilities To Secure Online HMIs
The US Cybersecurity and Infrastructure Security Agency (CISA), together with the Environmental Protection Agency (EPA), warns water and waste systems facilities (WWS) of potential cyber threats exploiting exposed HMIs.
Sharing the alert via a recent factsheet, the two agencies ask all water systems facilities to secure their online Human Machine Interfaces (HMIs). Threat actors may scan the web for exposed and vulnerable HMIs to exploit vulnerabilities.
HMIs constitute an important part of the overall operational technology infrastructure of WWS facilities. As the factsheet explains, these systems help OT owners and admins “to read Supervisory Control and Data Acquisition (SCADA) systems connected to programmable logic controllers (PLCs).” Given their critical role, adversaries may target and exploit vulnerable HMIs to view and modify sensitive HMI contents, such as security settings, disrupting the facilities’ operations.
The defense agency also backed their alert with a recent similar incident where the pro-Russia hacktivists conducted the attacks.
CISA and EPA advise WWS facilities to tighten their HMI systems’ security to prevent such threats. Some measures facilities may take in this regard include,
- Conducting thorough scans for internet-facing devices.
- Protect online HMIs by disconnecting them from the public-facing internet or deploying password protections.
- Implement network segmentation and geo-fencing to restrict unauthorized access.
- Keep all HMI systems updated with the latest security patches from the vendor.
Cyberattacks against critical infrastructure, such as WWS facilities, aren’t new. Instead, threat actors have long been targeting such facilities to disrupt everyday operations, particularly for state-backed attacks. That includes everything from exploiting OT vulnerabilities to ransomware attacks. Hence, such facilities must implement security best practices and adequate staff awareness and training to prevent such threats.
Let us know your thoughts in the comments.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend