Cyberattack: Attackers open dam valves
In Norway, there was a cyber attack on the control system of a dam in April. The valves were completely opened for hours.
(Image: Dirk Knop/heise medien)
In a cyberattack on a Norwegian dam, unknown persons opened the structure's water passage valves undetected for several hours. The incident at the Risevatnet reservoir in south-western Norway occurred back in April, as has now been revealed by the security service provider Claroty. The attackers used a weak password to gain access to the control systems. According to the information, the manipulation remained undetected for four hours.
The dam's control panel was easily accessible via the web. It controls the dam's minimum flow valves. After successful authentication, the attackers were able to bypass the security controls and gain direct access to the Operational Technology (OT) environment. The manipulation resulted in all valves being fully opened, increasing the water outflow by 497 liters per second above the prescribed minimum flow rate. No damage was caused by the incident.
Incident is a warning
However, Claroty uses the example to point out the vulnerability of critical infrastructures. The incident, behind which Russian hackers are suspected according to Norwegian media reports, is a kind of warning shot. According to surveys, thousands of building automation systems are accessible on the internet without sufficient protective measures. Attackers could, for example, switch off the air conditioning in hospitals.
Videos by heise
The incident highlights the need for suitable protective measures. Critical infrastructures should not only be protected by a simple password, but should at least be secured by multi-factor authentication. Direct accessibility from the web should also be questioned. It is also necessary to constantly monitor the systems in order to detect intruders and manipulation as quickly as possible.
(mki)
