image

RedAlert! Water supply systems hacked

There are discussions about safeguards after a cyber attack at a water plant in western Pennsylvania shut down a critical piece of technology.

Almost one week ago, the Iran-backed group "Cyber Av3ngers" claimed responsibility for a hack of the Municipal Water Authority of Aliquippa, about 30 miles outside Pittsburgh.

According to CBS Pittsburgh, a computer screen that would normally display water pressure data suddenly shut down before a message appeared on its screen.

"You have been hacked. Down with Israel. Every equipment [sic] 'made in Israel' is Cyber Av3ngers legal target," the message read.

Images alongside the message included a Star of David, the symbol on the national flag of Israel, partially submerged in liquid.

The MWAA was able to take control of its systems and resume operations with no interruptions to service. But the attack sent alarm bells all the way to Washington, with the Cybersecurity and Infrastructure Security Agency in the U.S. Department of Homeland Security now investigating the attack.

"The attacks are constant and there are nonstop," Philip Ichinaga said. "So this might be state-sponsored hacking but there's hacking going on every day, with every organization."

Ichinaga is the Chief Information Security Officer at Saint Joe's University. CBS News Philadelphia contacted him about the cyberattack asking what more could be done.

"Patching for security vulnerabilities or hardware, firmware vulnerabilities," he said. "Having a branch firewall or VPN in place, a virtual private network, so you're not directly connected to the internet, your resources," he said.

Three Democratic members of Congress from Pennsylvania have now asked the Department of Justice to investigate the cyberattack. Sens. John Fetterman and Bob Casey joined Rep. Chris DeLuzio, who represents Aliquippa and the surrounding suburbs in the House, to pen a letter to the U.S. Attorney General.

"We know that nation-state adversaries are targeting the weakest link in America's critical infrastructure," the three wrote. "We must ensure that our state and local governments, along with private companies, have cyber-defenses strong enough to fend off attacks from sophisticated actors."

In response to questions from CBS News Philadelphia, local companies say they are keeping their systems safe.

Here's what American Water, which serves parts of New Jersey and Pennsylvania, said in a statement:

"American Water has a dedicated team of certified professionals who help maintain the cybersecurity of our informational and operational technology systems, safeguard the physical security of our staff, facilities and assets, and provide emergency response…"

And here's a response from the Philadelphia Water Department: 

"As standard security practice for PWD, we constantly evaluate our systems for vulnerabilities based on current industry standards. The PWD has not identified any systems that use the software and devices targeted in the Aliquippa cyberattack."

Our experts caution while some of these attack groups are sophisticated, others are not as savvy.

Still, they said utilities and other businesses need to take all the necessary precautions to firewall their systems.