Britain’s security agency has urged the nation’s water sector to apply best security practices after a US operator suffered an intrusion into its industrial control systems.
The US Cybersecurity and Infrastructure Security Agency (CISA) revealed earlier this week that an unnamed facility had been taken offline and put into manual operation after its Unitronics programmable logic controllers (PLCs) were compromised.
The UK’s National Cyber Security Centre (NCSC) downplayed the immediate severity of the threat to the country’s providers, but urged caution.
“The operation is of limited sophistication and is very unlikely to disrupt the current water supply,” it said in a statement on the incident.
“There is a very low potential risk, if the threat is not mitigated, to some small suppliers. As such, the NCSC encourages organizations using Unitronics controllers to follow the steps outlined in the CISA Cybersecurity Advisory.”
That advisory recommended the following:
- Change all default passwords on PLCs and human-machine interfaces (HMIs) and use a strong password
- Mandate multi-factor authentication (MFA) for all remote access to the operational technology (OT) network
- Disconnect the controller from the public Internet and set up a firewall/VPN in front of the controller to control network access
- Use an allowed list of IP addresses to access the controller
- Back up logic and configurations on all Unitronics controllers to enable rapid recovery and become familiar with the factory reset process in the event of ransomware
- Use a TCP port other than the default port (TCP 20256)
- Update Unitronics PLCs/HMIs to the latest version
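As an added illustration (not code from CISA, the NCSC or Unitronics), the network items in the list above can be checked against an exported firewall rule set. The rule tuple format, the sample rules and the allow list are constructed assumptions, and the check handles IPv4 only.

```python
import ipaddress

DEFAULT_PORT = 20256  # default controller TCP port named in the advisory
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def within(net, nets):
    """True if net lies entirely inside one of nets."""
    return any(net.subnet_of(n) for n in nets)

def audit(rules, plc_port, allowlist):
    """Return findings for an ordered, first-match rule list (default deny).

    rules: (action, source CIDR, destination port or None for any port).
    This tuple format is hypothetical, not a real firewall export format.
    """
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    findings, denied = [], []
    if plc_port == DEFAULT_PORT:
        findings.append(f"controller still listens on default port {DEFAULT_PORT}")
    for idx, (action, src, port) in enumerate(rules, 1):
        if port not in (None, plc_port):
            continue  # rule does not cover the controller port
        net = ipaddress.ip_network(src)
        if action == "deny":
            denied.append(net)
            continue
        if within(net, denied):
            continue  # fully shadowed by an earlier deny, never matches
        if not within(net, PRIVATE):
            findings.append(f"rule {idx}: {src} exposes controller to public addresses")
        elif not within(net, allowed):
            findings.append(f"rule {idx}: {src} is broader than the allow list")
    return findings

# Constructed sample rule set, not taken from any real site.
SAMPLE_RULES = [
    ("allow", "10.20.30.5/32", 20256),   # engineering workstation
    ("deny", "192.168.0.0/16", None),    # block office LAN entirely
    ("allow", "192.168.1.0/24", 20256),  # shadowed by the deny above
    ("allow", "10.20.0.0/16", 20256),    # wider than the allow list
    ("allow", "0.0.0.0/0", 20256),       # any source, including the Internet
]
SAMPLE_ALLOWLIST = ["10.20.30.5/32", "10.20.30.6/32"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, 20256, SAMPLE_ALLOWLIST):
        print(finding)
```

An allow rule that only partly overlaps an earlier deny is still reported, so the check errs toward flagging.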
The NCSC has already highlighted a “significant and lasting” threat to critical infrastructure operators like water companies, according to national director of resilience and future technologies, Jonathon Ellison.
“Our American counterparts, CISA, have issued an advisory describing a threat to the water sector,” he added. “We are informing UK suppliers of this threat and recommending that they protect consumers by following the mitigation advice set out by CISA.”