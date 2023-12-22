Providers of critical infrastructure in the United States are doing a sloppy job of defending against cyber intrusions, the National Security Council tells Fast Company, pointing to recent Iran-linked attacks on U.S. water utilities that exploited basic security lapses.

The security council tells Fast Company it’s also aware of recent intrusions by hackers linked to China’s military at American infrastructure entities that include water and energy utilities in multiple states. Neither the Iran-linked or China-linked attacks affected critical systems or caused disruptions, according to reports.

“We’re seeing companies and critical services facing increased cyber threats from malicious criminals and countries,” Anne Neuberger, the deputy national security advisor for cyber and emerging tech, tells Fast Company. The White House had been urging infrastructure providers to upgrade their cyber defenses before these recent hacks, but “clearly, by the most recent success of the criminal cyberattacks, more work needs to be done,” she says.

Since the start of the Israel-Hamas war, an Iranian hacking group known as CyberAv3ngers has been targeting U.S. water utilities that use Israel-manufactured Unitronics programmable logic controllers—common multipurpose industrial devices used for monitoring and regulating water systems. “[Such infrastructure] is often forgotten about, neglected, or both and presents an attractive target for nation-states,” says Gary Perkins, chief information security officer at cybersecurity firm CISO Global.