In response to the growing threat by pro-Russia hacktivists, on May 1, 2023, CISA and other national agency partners issued an Alert to operators of industrial control systems and small-scale operational technology systems in North America and Europe on mitigation techniques for cyber operations to prevent a compromise of industrial control systems, including “Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.”

The Alert, entitled “Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity”, outlines the ongoing threat posed by pro-Russia hacktivists concentrating remote control over industrial control systems, including successful attacks against several U.S.-based wastewater systems, which caused disruption in the systems, including “causing water pumps and blower equipment to exceed their normal operating parameters,…altered settings, turned off alarm mechanisms, and changed administrative passwords to lock out the WWS operators.”

The Alert provides mitigations to prevent and respond to the ongoing threat that industrial control operators may wish to review.

This post was authored by Data Privacy + Cybersecurity Team chair Linn Foster Freedman and is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.