Life momentarily came to a halt last night in the Israeli cities of Jerusalem and Eilat as air raid sirens were triggered, despite there being no projectile in motion. The Israeli Military has announced that they suspect the false alarm to have been triggered by a cybersecurity attack at the municipal levels, not via military systems.
Just two years ago, Iran had successfully breached six Israeli water management facilities, threatening the health and safety of civilians. Yet, these threats are not limited to bouts between Israel and Iran. Throughout the US and Europe, breaches at the municipal level have been putting people in increased danger over the last few years. In July 2021, a Florida water management facility was attacked as hackers tried to poison the water by increasing the level of Sodium Hydroxide 11-fold. This puts consumers in danger of severe respiratory reactions as a result of this poisoning.
Unfortunately, this story has been played out continuously over the last few years as OT environments, such as water, electricity, and other critical municipality-run facilities are brought online. Looking to the future, traffic lights, public transportation, and other municipality-run systems will be brought online and automated.
Part of the challenge is that municipalities are not set up to manage the cat and mouse game that cybersecurity experts are accustomed to operating in. Once a cybersecurity system is in place, regardless of its capabilities, it will become obsolete as hackers learn how to discover and manipulate vulnerabilities. Without regular updates and management, even the best systems are put at risk.
Alarming consequences with few answers
In the case of this morning’s sirens throughout two major Israeli cities, many answers remain unanswered. The first of which is, why carry out such a bold incident on an ordinary morning?
“Whether this siren attack by Iran was a false flag or accidental triggering remains to be seen but the lack of municipal cybersecurity is clear,” said Ilan Barda, Co-Founder and CEO of Radiflow. If this was meant to cause disruption to civilian life, it would make more sense to conduct this incident during a religious holiday or time of large gatherings to shatter any sense of security. It is possible that the sirens were triggered while hackers were still exploring for vulnerabilities within the municipality’s security system or that it was a false flag, being used as a distraction as another not yet published cyber attack was carried out. An example of this was the 2017 Iranian cyber attack on Saudi Arabia’s Aramco, where a breach was discovered, only to have thousands of computer systems compromised later, causing a devastating meltdown or explosion. Going after a municipality would bring a city or region to a halt, impacting supply chains, food deliveries, and more- putting a city under siege.
For municipalities of any region to protect themselves, they must work with experienced managed cybersecurity service providers who understand the layered nature of how today’s OT facilities and utilities operate in the online space. Without a deep understanding of industrial controls and their vulnerabilities, it is near impossible to properly secure them in the short or long term. For municipalities to be as secure as today’s leading technology firms, they must build a partnership with their managed cybersecurity service provider over time.
This means that proper installation and maintenance is a top priority along with ongoing monitoring through a digital environment. This will go beyond being able to identify an attack, along with its gateway or access point, to allowing the team to practice mitigating attacks without impacting the physical environment. Only then can governments ensure that the critical systems their population relies on are truly safe.