When it comes to securing, monitoring, and testing key infrastructure in the Water Industry, you need experts who specialize in Industrial Control Systems and distribution supply chains.
TRUE specializes in securing complex environments and core infrastructure that include SCADA or Industrial Control Systems. When you are ready to evaluate new technologies for modernizing your environment, our experts can help you consider security in your architecture from day one. Security by design will save you cycles later on, maximize ROI on your investment, reduce risk, and help prevent attacks.
Ongoing Cyber Threats to U.S. Water and Wastewater Systems
"This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities...
To secure WWS facilities—including Department of Defense (DoD) water treatment facilities in the United States and abroad—against the TTPs listed below, CISA, FBI, EPA, and NSA strongly urge organizations to implement the measures described in the Recommended Mitigations section of this advisory..."
WWS Sector cyber intrusions from 2019 to early 2021 include:
Malicious cyber actors use Ghost variant ransomware against a California-based WWS facility. Ransomware variant was in systems a full month before three (3) supervisory control and data acquisition (SCADA) servers displayed a ransomware message.
Cyber actors use remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. Treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.
Cyber actors use unknown ransomware variant against a Nevada-based WWS facility. Ransomware affected the victim’s SCADA system and backup systems. SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).
Personnel at a New Jersey-based WWS facility discovered potential Makop ransomware had compromised files within their system.
Former employee at Kansas-based WWS facility unsuccessfully attempts to threaten drinking water safety by using his user credentials, which were not revoked at the time of his resignation, to remotely access a facility computer.
Identify Next Steps With TRUE's Risk Advisory Services
Water facilities are high-value targets for attackers, so identifying key gaps and vulnerabilities that could be used in a cyber attack can make a significant difference in your security posture. TRUE's Risk Advisory services give you an objective evaluation of your environment and offer you a prioritized security roadmap. Our team will help you identify which steps will make the most significant difference right away so you can know where to start.
TRUE will help you establish baselines for protecting your environment and implement best security practices. We also offer a security program management portal, TrueSpeed, for our clients to use in planning and executing key initiatives, tracking their security posture, and gaining visibility into ongoing network monitoring.
TRUE's Security Information and Event Management Solution unifies prevention, detection, and response in a seamless service-technology offering powered by our own 24x7x365, US-based Security Operations Center (SOC). TRUE’s certified analysts leverage a powerful enterprise tool stack that incorporates machine learning and automation to speed up response processes. TrueSIEM provides prevention, detection, and response across your network, rapid elimination of threats with fully automated, policy-driven response capabilities, and complete visibility into the endpoint environment with full-context, real-time forensics.
TRUE specializes in protecting core U.S. infrastructure from our SOC, including utilities at a regional and national level.
Attackers count on you to be too busy to investigate every alert, in every platform, every day. However, these alerts give context when you are experiencing a broader, more layered and targeted attack, like those we have seen in the last two years. No longer are we dealing with a simple ransomware instance. You need to know when someone is navigating laterally through your environment, adding or deleting accounts, or changing configurations. If you want to truly stop attacks, you need to be actively threat hunting throughout your network – all day, all night, 365 days per year.
TrueSIEM includes not only Next Gen Protection but also advanced capabilities, including:
Rapid Correlation of Threat Information
Active Threat Hunting
Automated Playbooks to Speed Up Response
Get Started with True Digital Security
Start Protecting Systems and Reduce Risk Exposure.