Alleged Russian cyberattack threat on utilities raised in Hope

HOPE — The Indiana Department of Homeland Security says it is unaware of evidence that Russians may be planning cyberattacks at more than a dozen Indiana water utilities.

During a public presentation to the Hope Town Council on Monday, concern was raised by Terry Green, personal and business insurance risk manager for Johnson Witkemper Insurance.

Most of what Green told the council has been verified. For example, there was an April 17 cyberattack in Tipton, Indiana (population 5,279) that disrupted operations at a wastewater treatment facility. Another disruption occurred at the same facility four days later.

It has also been confirmed that a video created by a group calling itself “People’s Cyber Army of Russia” was posted on social media that claimed responsibility for the disruptions.

A message accompanying the video stated: “We continue to look partially over our series of work on US infrastructure. Today, we’ll look at Indiana. Let’s consider the work on municipal water treatment plants. Enjoy watching, friends.”

Officials in Tipton described the disruptions as minor, adding the town’s drinking water was never in jeopardy.

But while addressing the council in Hope, Green said the video from the alleged Russian hackers claims they “have access to at least 12 other Indiana water utilities, and they are going to attack soon.”

“That has not bubbled up my way yet,” said Dave Hosick, director of public affairs for the Indiana Department of Homeland Security. “I would guess there is not much truth to that.”

After conferring with the Indiana Department of Environmental Management and the Indiana Office of Technology, Hosick confirmed there is nothing in the video that indicates more Hoosier utilities will be facing cyberattacks in the near future.

Green’s statement was part of his company’s proposal to the council to provide insurance to the town of Hope. The council voted to accept the proposal costing $39,000 annually. That includes $4,000 for cyberattack insurance.

The same group claiming responsibility in Tipton also claims to be behind a cyberattack in the west Texas town of Muleshoe (populaton 5,054). The January incident caused a water tank to overflow.

Last month, a global threat intelligence and cyber security company, Mandiant, issued a report linking recent cyberattacks against water utilities to an arm of Russia’s GRU military intelligence agency called Sandstorm.

Environmental Protection Agency Deputy Administrator Janet McCabe also named China and Iran as countries “actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater.” In addition, private groups and individuals are continuing their cyber attacks, McCabe said.

On Monday, the EPA issued an enforcement alert urging water systems to take immediate actions to improve protections against cyberattacks. Possible impacts include interruptions to water treatment and storage; damage to pumps and valves; and alteration of chemical levels to hazardous amounts, according to the alert.

Drinking water and wastewater systems in small towns are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector, but often lack the resources and technical capacity to adopt rigorous cybersecurity practices.

A joint letter to all 50 U.S. governors last March from the EPA and the White House urged the states to take action to lessen or eliminate the threat.