There may be nothing more scary than the prospect of bad actors cutting off or poisoning our water supply. Yet utilities worldwide face this threat every single day.
The US Environmental Protection Agency recently introduced new cybersecurity requirements for public water systems following incidents over the last three years: ransomware attacks on water systems in New Jersey, Nevada, Maine and California, and an attempted poisoning of a water treatment plant in Florida.
Strategies to detect, prevent or mitigate cyberattacks on water systems were among the 45 Israeli technologies on display at an international water conference and expo held in June by Israel’s Export Institute and Water Authority in Tel Aviv.
Ayelet Nahmias-Verbin, chairman of the Israel Export Institute, said it was “amazing to see the most powerful countries in the world sending senior officials to Israel to learn what we can offer the world in the areas of water security, cyber protection of water facilities, emergency assessments and control systems. There is no doubt that the most essential assessment today is not only the production and control of water but the protection of this critical infrastructure.”
“At the conference, we met with water company delegations from countries including Cyprus, Romania and Taiwan. They all have the same problems and everyone is searching for solutions,” says Sneer Rozenfeld, CEO of Cyber 2.0 in Rishon LeZion.
“I hosted a roundtable and I realized I was sitting with the most important people in the world – the people whose business is making sure water gets to everyone. Because where there is no water, there is no life.”
Infrastructure, not information, at risk
Water utilities are especially vulnerable to cyberattacks against their operational technology (OT) infrastructure, including pumps and filters.
“Many of these OT systems are from the 70s and 80s and were not built with cybersecurity in their design, which means it’s a very insecure environment,” says Ilan Sosnovitch, global channel partner manager of SIGA.
“These are the main assets that attackers will try to compromise. They’re not trying to steal data; they’re trying to damage the equipment or endanger human lives by changing how the utility operates.”
Amos Halfon, VP sales of Salvador Technologies, tells ISRAEL21c that attacks on OT are increasing and getting more aggressive, endangering any computer-controlled system from water treatment and delivery to medical devices.
“It’s like a war,” says Halfon. “It’s not just stealing a database but stopping production.”
SIGA, Cyber 2.0 and Salvador each have different roles in shielding water supplies around the world from the disastrous paralysis of an OT attack.
The first performs anomaly detection, the second prevents a breach from spreading through the network, and the third enables an attacked utility to recover operations within a minute.
SIGA, based in Omer, secures critical OT assets by directly monitoring the electrical signals from pumps, engines and chemical injection systems. SigaGuard alerts to changes that may indicate a cyber breach, malfunction or misuse.
“Our AI-based system learns what the normal behavior is for these processes and its anomaly detection capabilities analyze that performance in real time to find any manipulation that is endangering the way these assets normally operate,” Sosnovitch explains.
The product can detect an anomaly even when an attacker was able to gain access to a control system.
SigaGuard is installed in oil and gas, power and water facilities in North and South America, Europe and Singapore.
One of its first installations was at Jerusalem’s water utility, Hagihon, in 2017, helping to establish the company in the water sector.
“We also have the capability to actually induce different threat scenarios into the system to see that our system responds appropriately during an actual event,” Sosnovitch says.
SigaGuard had its first US pilot in 2018, when a Chicago-based water innovation hub matched the Israeli startup with the Metropolitan Water Reclamation District of Greater Chicago, serving approximately 10.3 million people daily.
In April 2021, Iranian hackers attempted to over-chlorinate the water at six Israeli Water Authority facilities. These fortunately unsuccessful attacks prompted the Water Authority to set up a security operations center and SIGA was chosen as one of its solutions to monitor sensitive locations.
Cyber 2.0 was established in 2015 to ensure that if a single computer is penetrated and infected – something that can happen “in every given moment, in every company,” says Rozenfeld – the virus cannot spread across an organization’s entire network.
Cyber 2.0’s cyber defense product is built with chaos algorithms that halt an attack even before identifying what caused it.
“One of our first customers was the Jordan River Water Authority. Five years ago, they said, ‘You’re doing a great job with our computers, but we have a problem with our water pumps around the Kinneret [Sea of Galilee] and our fear is someone attacking those pumps.’
“That was an amazing challenge because our system was built to protect computers and servers. We never thought about industrial operational technology,” says Rozenfeld.
“We started adapting our system for protecting not just the water company but also its critical assets.”
Today, Cyber 2.0 protects 60 percent of the municipal water utilities in Israel, helping to avoid possible attempts to encrypt water pumps or poison the water supply.
At the June conference, the company introduced its services to overseas water authorities and now has a pilot project with the Gulf Coast Water Authority serving 19 million customers in Houston, Texas.
“Let’s say someone tries to manipulate the computer controlling how much water to pump and how much chlorine and other elements to add,” says Rozenfeld, whose company also has an office in Atlanta, Georgia.
“If that computer is protected by Cyber 2.0, we will know it immediately and our gateway will monitor and scramble all communication from computer to pump. If someone tries to connect a laptop to the water pump, our gateway won’t allow it because it wasn’t preapproved. Only preapproved software and hardware can communicate with the water pump. Anything else cannot get through.”
Whereas Siga can detect a problem and Cyber 2.0 can stop a virus from spreading, Salvador Technologies of Rehovot can return an attacked water system to normal functioning.
Salvador’s plug-and-play device enables hacked utilities to implement full instant recovery in one click, says Halfon.
“There are a lot of preventative solutions, but these solutions aren’t for what happens when an OT attack does happen, and that’s what we try to do.”
Salvador has more than 200 installations in hospitals, chemical plants, water and electricity utilities in Israel, the UK, Turkey, Poland and France.
The company recently won funding for a $2.2m cybersecurity project from the Israel-United States Binational Industrial Research and Development (BIRD) Foundation to develop an AI-driven automated vulnerability management and recovery platform with US-based cybersecurity startup Bastazo.
“You connect our box by USB to your computer and it creates redundancy by making three copies of your original disk constantly,” Halfon tells ISRAEL21c.
These cloned disks have no external connection, meaning they cannot be seen by hackers and therefore cannot be attacked directly.
“If someone attacks the main computer on critical infrastructure you can boot from our device in 30 seconds and it allows a return to normal production,” says Halfon.
Sharon Caro, VP marketing for Salvador, points out that water utility cyberattacks cause cascade effects.
“Many critical infrastructures are interconnected, and downtime in water utilities could potentially trigger downtime on other systems, such as power grids, healthcare facilities, and transportation networks. So, mitigation actions must include a recovery plan, enabling operational continuity and minimizing downtime.”