DOJ asked to investigate water utility hack

Three members of Pennsylvania’s congressional delegation have asked the Department of Justice to investigate how foreign hackers breached a water authority near Pittsburgh, which prompted warnings to other water treatment facilities.

In a letter released Thursday, Democratic Sens. John Fetterman and Bob Casey, and Rep. Chris Deluzio (D), said Americans must know their drinking water is safe from “nation-state adversaries and terrorist organizations,” The Associated Press reported.

The Municipal Water Authority of Aliquippa, Pa., was apparently targeted and compromised Nov. 24 because the equipment in the control system was made in Israel. An image of the device screen shows a message from hackers that reads “Every equipment ‘made in Israel’ is Cyber Av3ngers legal target.”

A group used that same language claimed to have hacked 10 water treatment stations in Israel, but it’s not confirmed if they were able to shut down any equipment, the AP reported.

“Any attack on our nation’s critical infrastructure is unacceptable,” the lawmakers wrote to Attorney General Merrick Garland. “If a hack like this can happen here in western Pennsylvania, it can happen anywhere else in the United States.”

CBS News in Pittsburgh obtained a copy of the letter that said there is a history in Western Pennsylvania of the U.S. Attorney’s Office “prosecuting cybercrimes involving foreign adversaries.”

Deluzio joined the news station to discuss the letter, calling the attack “a serious thing.”

“A municipal water authority in Aliquippa is the target here, and that controls something we all rely on: access to water,” Deluzio told CBS. “So that’s where the vulnerabilities are. We’ve got to shore up defenses and help local government, help private vendors where they’re involved, lift up their cybersecurity.”

“We’ve been told that we are not the only authority that’s been affected in the country, but we are believed to be the first,” Aliquippa water authority Chair Matthew Mottes told the AP.

Cyber Av3ngers have been aligned with Iran’s government, according to leading cybersecurity companies Check Point Research and Google’s Mandiant. The group has been targeting Israeli infrastructure since the start of the Israel-Hamas war, a Check Point spokesperson said.

According to the U.S. Cybersecurity and Infrastructure Security Agency, the device in Pennsylvania — which regulates processes such as pressure, temperature and fluid flow — was made by Unitronics, a company based in Israel that is used in industries ranging from water and sewage facilities, to electric companies and oil and gas producers, per the AP.

The Pennsylvania water authority temporarily halted pumping Saturday after the hack. Crews took over with manual operation.

The cybersecurity attack came after a federal appeals court ruling prompted the Environmental Protection Agency (EPA) to rescind a rule that would have required U.S. public water systems to include cybersecurity testing in their regular audits.

The agency announced in March that many systems have not taken the basic steps to ensure cybersecurity despite more attacks.

The EPA rescinded the memorandum in October, despite believing attacks “occur frequently and are a significant threat” to water and wastewater system operations.

The agency said it will be using the Biden administration’s National Cybersecurity Strategy, released in March, to guide future work and lower the risk of attacks.

The Hill has reached out to the offices of the three lawmakers who wrote to the Justice Department for more information about their letter and request.

For the latest news, weather, sports, and streaming video, head to The Hill.