this post was submitted on 02 Jul 2026
5 points (85.7% liked)

Infrastructure

1030 readers
1 users here now

Infrastructure is composed of public and private physical structures such as roads, railways, bridges, tunnels, water supply, sewers, electrical grids, and telecommunications.

The stuff that makes the modern world go round!

founded 2 years ago
MODERATORS
 

Russian cybercriminals managed to hack into a Quebec municipality's water treatment plant systems and had the ability to wreak havoc on the crucial infrastructure before getting caught, according to Canada's cyber spy agency.

In one particular case discussed in the report, the signals intelligence agency said it was advised last October that Russian hacktivist group NoName had broken into the Quebec water plant's network and gained access to many crucial systems.

According to CSE, NoName claimed it had gained the "ability to covertly control pumps, chlorine dosing, pressure settings and monitoring/alerts systems." The report does not identify the impacted Quebec municipality.

top 7 comments
sorted by: hot top controversial new old
[–] Quexotic@sh.itjust.works 1 points 4 days ago (1 children)
[–] shitwizard420@crazypeople.online 0 points 4 days ago (1 children)

U.S. officials have testified about People’s Republic of China (PRC) hackers’ capability and intent to be able to disrupt domestic infrastructure by 2027. This targeting of critical infrastructure by PRC army units creates leverage in a potential conflict, as the disruption of civilian life could impair policymakers’ capacity for rapid response in a crisis. While we cannot control the PRC’s strategic aims, we can reinforce the resilience of our communities.

UnDisruptable27’s mission is to bridge this preparedness gap by equipping communities on the front lines with the information, tools, and support they need to mitigate the impacts of increasingly complex and cascading infrastructure disruptions. By empowering local leadership, infrastructure operators, and everyday Americans with accessible, actionable insights, UnDisruptable27 aims to enhance national resilience… starting at the local level.

Wow. I'm actually speechless. I don't even know where to start. I feel like I'm going fucking crazy some times.

I thought it was widely accepted that the US was involved in Stuxnet?

Why focus on China and future capability and not the serious threats that have existed for almost 30 years? Like the incident in 2000 with a disgruntled former employee from an Australian water utility who used remote access to fuck things up. Or that time in 2013 that Iran logged in to the SCADA system of a Dam in New York? Or in 2023 when Iran left anti-Isreal messages on the HMI of a water utility in Pennsylvania? All the reminders of Russia capabilities and history of attacks that were published in 2022?

Where in their plan are they going to bully local politicians into properly funding water infrastructure? Oh, they think we need "clear, actionable step"s? Like the Roadmap to Secure Control Systems in the Water Sector published by the AWWA in 2009? Or their Water Sector CybersecurityRisk Management Guidance (2014)? Or other tools used to support the 2018 requirement for utilities that serve >3300 people to complete risk and resilience assessments and emergency response plans and certify their completeness with the US EPA? And how this same law mandates that US EPA provide guidance to smaller systems too? Like how the US EPA offers free cyber security evaluations, including risk mitigation templates and guidance on overcoming discovered vulnerabilities?

Armed with success stories and blueprints, U27 will get ahead of supply chain and other dependencies that would prevent this approach from scaling to the 6,000 hospital communities nationwide and beyond.

There is no way anyone involved in this has opened up a PLC cabinet in a water utility.

[–] Quexotic@sh.itjust.works 1 points 2 days ago (1 children)

What are you doing to help?

[–] shitwizard420@crazypeople.online 1 points 1 day ago (1 children)

Help America? Nothing. I'm not american.

Help utilities in my own country? I'm doing my job, lol.

[–] Quexotic@sh.itjust.works 1 points 1 day ago

Good. You're doing something to help! I like that! Keep up the work. 😁

[–] Assassassin@lemmy.dbzer0.com 0 points 4 days ago (1 children)

It's going to take some sort of calamity to get utilities to secure their networks. I'm really surprised that it hasn't happened yet, tbh. There have been so many intrusions and a few really close calls already.

In my experience it is super location dependent. I've worked with municipalities who had shit locked down and others that made me think I was getting punked. All in Ontario.

I joined the industry in the early 2010s and it was a hot topic then too. This was when Stuxnet was in the news. ISA published Industrial Automation and Control Systems Security standards (ISA99) in 2002. It's not new.

I wonder how connected the folks who make decisions about utility cyber security are to each other. I learned almost everything I know about SCADA security practices via people I met through provincial wastewater industry associations and just letting them infodump lol. I don't know that any of the municipal SCADA people I worked with were members or participated. Maybe they are just trying to go at it alone vs collaborating and learning from each other. You don't know what you don't know!

I'd also be interested to know how old the PLCs at that plant were. We have zero details about this attack but when the Rockwell/AB exploit was in the news people were talking about buying cards off eBay because they are using discontinued PLCs. Can you imagine?

So, even if the staff understands the risk it doesn't mean they are getting enough money to do anything about it. Utilities are so underfunded. It's another ticking time bomb along with all those neglected pipes in the ground.