Below you can find a guest post made by Radiflow, an award-winning OT Cybersecurity company, on a strange cybersecurity incident that occurred here in Israel last night.
Without being triggered by any known sources, air raid sirens in the Israeli cities of Jerusalem and Eilat blared, creating commotion and finger-pointing. It was determined that it may have been an Iranian-triggered cybersecurity attack.
The article covers:
• The history of Iranian cyberattacks on Israel
• Identifying if this is a follow-up to Iran’s earlier attack on Saudi Arabia’s Aramco
• Municipality infrastructure in the US and Europe is under attack
• What can be done to protect citizens and their vital resources?
As Sirens Blare in Israel, Cybersecurity Experts Suspect Iranian Breach
Iran is suspected to have triggered air raid sirens in Israel, a reminder of its growing cyber warfare capabilities. “Whether this siren attack by Iran was a false flag or accidental triggering remains to be seen but the lack of municipal cybersecurity is clear,” said Ilan Barda, Co-Founder & CEO of Radiflow.
Jerusalem, Israel, June 20, 2022 – Life momentarily came to a halt last night in the Israeli cities of Jerusalem and Eilat as air raid sirens were triggered, despite there being no projectile in motion. The Israeli Military has announced that they suspect the false alarm to have been triggered by a cybersecurity attack at the municipal level, not via military systems.
Just two years ago, Iran had successfully breached six Israeli water management facilities, threatening the health and safety of civilians. Yet, these threats are not limited to bouts between Israel and Iran. Throughout the US and Europe, breaches at the municipal level have been putting people in increased danger over the last few years. In July 2021, a Florida water management facility was attacked as hackers tried to poison the water by increasing the level of sodium hydroxide 11-fold. Poisoning of this kind puts consumers in danger of severe respiratory reactions.
Unfortunately, this story has played out continuously over the last few years as OT environments, such as water, electricity, and other critical municipality-run facilities, are brought online. Looking to the future, traffic lights, public transportation, and other municipality-run systems will be brought online and automated.
Part of the challenge is that municipalities are not set up to manage the cat and mouse game that cybersecurity experts are accustomed to operating in. Once a cybersecurity system is in place, regardless of its capabilities, it will become obsolete as hackers learn how to discover and manipulate vulnerabilities. Without regular updates and management, even the best systems are put at risk.
Alarming consequences with few answers
In the case of this morning’s sirens throughout two major Israeli cities, many questions remain unanswered. The first is: why carry out such a bold incident on an ordinary morning?
“Whether this siren attack by Iran was a false flag or accidental triggering remains to be seen but the lack of municipal cybersecurity is clear,” said Ilan Barda, Co-Founder & CEO of Radiflow. If this was meant to cause disruption to civilian life, it would make more sense to conduct this incident during a religious holiday or time of large gatherings to shatter any sense of security. It is possible that the sirens were triggered while hackers were still exploring for vulnerabilities within the municipality’s security system, or that it was a false flag, used as a distraction while another, not-yet-published cyber attack was carried out. An example of this was the 2017 Iranian cyber attack on Saudi Arabia’s Aramco, where a breach was discovered, only to have thousands of computer systems compromised later, causing a devastating meltdown or explosion. Going after a municipality would bring a city or region to a halt, impacting supply chains, food deliveries, and more, putting a city under siege.
For municipalities of any region to protect themselves, they must work with experienced managed cybersecurity service providers who understand the layered nature of how today’s OT facilities and utilities operate in the online space. Without a deep understanding of industrial controls and their vulnerabilities, it is nearly impossible to properly secure them in the short or long term. For municipalities to be as secure as today’s leading technology firms, they must build a partnership with their managed cybersecurity service provider over time.
This means that proper installation and maintenance are a top priority, along with ongoing monitoring through a digital environment. Such monitoring goes beyond identifying an attack and its gateway or access point: it allows the team to practice mitigating attacks without impacting the physical environment. Only then can governments ensure that the critical systems their population relies on are truly safe.