Critical-infrastructure attack attempted against Israeli water supply


Israel appears to have thwarted a large-scale attempt at a critical-infrastructure cyber attack against its national water supply. An internal report from Israel’s Water Authority indicates that the incident occurred between Friday, April 24 and Saturday, April 25.

According to a statement from Israel’s National Cyber Directorate, the attempted attack targeted the command and control systems of Water Authority’s wastewater treatment plants, pumping statements, and sewage infrastructure. A follow-up statement from the Water Authority and National Cyber Directorate reported the incident appeared to be coordinated, but no damage had occurred.

Organisations affected by the attempted attack were ordered to immediately reset the passwords for all of the facility’s operational technology (OT) systems—especially those related to chlorine control—and ensure all control software was updated. If it’s not possible to change the passwords for certain systems, personnel were advised to disconnect these systems from the internet entirely.

This attempted attack highlights that while water infrastructure often eludes the public’s attention as a major source of cyber risk, it remains susceptible to both targeted and non-targeted threats.

A combination of legacy systems, growing connectivity, and federated management—most water utilities are owned and operated at a local level—warrants a high prioritisation of cybersecurity for the water and wastewater sectors on a global level…Click here to find out more.