Russian Government Cyber Activity Targets Water
i2O has sought to be a leader in information security. Why? Because we provide services to an industry that is responsible for critical national infrastructure. It seems that we were right to do so.
In a week in which Russia has been prominent in the news – for the re-election of Vladimir Putin and the attempted murder of a former Russian spy with a deadly nerve agent in the quiet cathedral city of Salisbury, England – we received TA18-074A: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors from the US Department of Homeland Security’s Computer Emergency Readiness Team. It starts like this:
‘This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.‘
It seems unlikely that the Russian government’s activity is restricted to the infrastructure of the United States of America.
Our view is that water companies around the world should insist on their providers being ISO 27001 compliant to assure the security of the solutions that they provide to the industry.