CISA makes the decision to act while the water authority conducts its investigation.
It has been acknowledged that a cyberattack occurred by the International Joint Commission (IJC), which is in charge of overseeing the water systems along the US-Canada border. 80 GB of data, including contracts, geological information, and other documents, were stolen by a hacker group going by the name of NoEscape.
The Boundary Waters Treaty, which the United States and Canada agreed to in 1909, governs how the IJC operates. The organization looks into environmental issues in addition to approving the construction of dams, canals, and other infrastructure projects.
The hackers gave IJC 10 days to respond to their ransom demand, but they did not specify how much money they wanted in exchange for the files' unlocking.
One of the representatives claimed that steps were already being taken to address the issue. He remained silent, however, when asked whether the business alerted law enforcement or whether the cyberattack had an impact on internal systems. No information has been released regarding IJC's willingness to pay the ransom.
NoEscape hackers have taken credit for attacks on a German professional bar association, a college in Hawaii, as well as on Australian businesses, a hospital in Belgium, and manufacturing facilities in the United States and the Netherlands since they first surfaced in May.
Water supply companies are facing more and more relevant cybersecurity issues in the US. The Environmental Protection Agency (EPA) this year proposed new regulations that would mandate yearly system audits for businesses. Both federally and in each state, the bill is currently being discussed.
Recently, CISA declared that it would offer these businesses free vulnerability monitoring services.
Their proposal calls for automated weekly checks of water systems that not only identify flaws in resources that are accessible via the Internet but also suggest ways to fix them.