The Cybersecurity and Infrastructure Security Agency (CISA) is actively responding to a cyber threat involving the exploitation of Unitronics programmable logic controllers (PLCs) within the Water and Wastewater Systems (WWS) Sector. The threat actors are specifically targeting PLCs associated with WWS facilities, with a confirmed incident at a U.S. water facility. Following the attack, the affected municipality’s water authority promptly took the system offline and shifted to manual operations, ensuring there is no known risk to the drinking water or water supply of the community. Water and wastewater treatment facilities rely on PLCs to control and monitor various processes, including pump station operations, chemical flow pacing, compliance data gathering, and alarm announcements.
The compromise of these systems poses a significant threat to the ability of WWS facilities to deliver clean, potable water and manage wastewater effectively in their communities. The cyber threat actors likely exploited cybersecurity weaknesses, such as poor password security and exposure to the internet, to gain unauthorized access to the affected PLC—a Unitronics Vision Series PLC with a Human Machine Interface (HMI). To address this threat, CISA is urging organizations to take immediate action, including changing default passwords, implementing multifactor authentication for remote access, disconnecting PLCs from the open internet, and updating PLC/HMI systems to the latest versions provided by Unitronics.
The alert emphasizes the importance of these measures to safeguard water systems against potential cyber threats and highlights specific steps, such as using different TCP ports and employing PCOM/TCP filters, to enhance the security posture of PLCs. The urgent call to action underscores the critical need for heightened cybersecurity measures to protect essential infrastructure and ensure the safety and reliability of water supplies for communities.
Read more
