

  • Chris Bratton - Tech Journalist

US National Security Advisor Jake Sullivan suggests state-sponsored cyber attacks on US critical infrastructure could be prelude to war

The White House has issued a stark warning to water companies across the United States following a series of cyber attacks on water and wastewater infrastructure. These attacks, believed to be carried out by state-sponsored groups linked to Iran and China, have raised concerns that they may be part of a broader strategy in preparation for potential military conflicts.

In a letter co-signed by Jake Sullivan, President Biden's National Security Advisor, it was emphasized that drinking water and wastewater systems are attractive targets for cyber attacks due to their critical importance and the often inadequate cybersecurity measures in place. The letter specifically highlighted the exploitation of Unitronics programmable logic controllers used in these systems and referred to a previous alert issued by the US Cybersecurity & Infrastructure Agency.

The Iranian government's Islamic Revolutionary Guard Corps (IRGC) was identified as being responsible for malicious cyber attacks on US critical infrastructure entities, including drinking water systems. These attacks targeted and disabled operational technology on which the default manufacturer passwords had never been changed.

The letter also highlighted the threat posed by Volt Typhoon, a state-sponsored hacking group associated with China. This group has compromised the IT of multiple critical infrastructure systems, including drinking water facilities. The letter cautioned that Volt Typhoon's choice of targets and its behavior indicate a departure from traditional cyber espionage, suggesting the group may be positioning itself to disrupt critical infrastructure operations in the event of geopolitical tensions or military conflicts.

The potential risks associated with these cyber attacks are particularly concerning given the escalating tensions between China and Taiwan. The letter alluded to the possibility of a "digital Pearl Harbor" if conflict were to erupt over Taiwan, with the US committed to supporting the island in the event of a full-scale invasion by China.

In response to these threats, the letter urged water companies to enhance their cybersecurity practices and adopt necessary controls to mitigate risks. It emphasized the importance of basic cybersecurity precautions such as changing default passwords and updating software to address known vulnerabilities.

The US government plans to hold a meeting involving Homeland Security to enforce security improvements in infrastructure organizations. Additionally, the Environmental Protection Agency (EPA) will establish a Water Sector Cybersecurity Task Force to identify vulnerabilities, address challenges, and develop strategies to reduce the risk of cyber attacks on water systems nationwide.

The UK's National Cyber Security Centre has also expressed concerns about the security of critical infrastructure, highlighting the struggle to keep up with evolving threats from malicious actors. Southern Water in the UK, for example, has fallen victim to cyber attacks by the Black Basta ransomware group, compromising personal and financial data of customers as well as confidential employee information.

These incidents serve as a stark reminder of the urgent need for improved cybersecurity measures to protect critical infrastructure from state-sponsored cyber threats.

