Friday, February 21, 2025, 11:50PM |  28°
MENU
Advertisement
Mai Abdelhakim, an assistant professor at University of Pittsburgh, is sworn in Wednesday at the state Capitol before testifying to lawmakers on cybersecurity and the recent Aliquippa cyber attack.
1
MORE

Pa. lawmakers told Aliquippa incident shows cyber risks to public infrastructure

Ford Turner/Post-Gazette

Pa. lawmakers told Aliquippa incident shows cyber risks to public infrastructure

HARRISBURG — A pair of recent cyberattacks on Pennsylvania’s digital infrastructure — including one on the Municipal Water Authority of Aliquippa — set off alarm bells in the state Legislature and were cited repeatedly in a hearing at the Capitol on Wednesday.

The Nov. 25 attack at Aliquippa “vividly highlights the importance of cybersecurity and the existence of hidden risks in both our public and private facilities,” said University of Pittsburgh assistant professor Mai Abdelhakim in testimony to two legislative committees.

The attack was carried out by a terrorist group tied to the Iranian government, according to the FBI. Ms. Abdelhakim said a federal review indicated hackers gained access by exploiting weak or default passwords and an internet connection. The second attack — whose damaging effects were still being cleared up this week — crippled part of the 9-1-1 system in Bucks County.

Advertisement

The general message to lawmakers from two panels of witnesses was that cyber threats are numerous, require constant vigilance and need more attention from state government.

Thousands of records mistakenly deleted from Pa. state government computer servers
Jan Murphy
Thousands of records mistakenly deleted from Pa. state government computer servers

The city of Reading’s digital infrastructure includes 15 different locations, 550 users, and firewalls, Information Technology Division Manager Ken Cochran said. The firewalls, he said, get “at least a thousand pokes a day from the outside.”

Mr. Cochran, who testified on behalf of the Pennsylvania Municipal League, said Reading has added an intrusion detection system, a system to record all Windows event logs, multi-factor authentication, email filtering and other measures.

But, he said, there is little information exchanged between municipalities and authorities about cyber threats or attacks they have endured. Without an understanding of what happened in Aliquippa and Bucks County, he said, it is “hard for us to learn and adjust.”

Advertisement

Brian Rengert, deputy director of government relations for the Pennsylvania Association of Township Supervisors, said 88% of all cybersecurity breaches involve human error, and the state should be preparing for an attack.

“One click is all it takes,” Mr. Rengert said.

Several lawmakers on the Senate Local Government and Communications & Technology committees laid out their general feelings. Sen. Kristin Phillips-Hill, R-York, said she wants to see the creation of a cybersecurity committee to “get everyone on the same page.”

Federal sources, she said, have indicated that for every FBI staffer who is working on cybersecurity, the Chinese government has 50 people “trying to hack into everything we are doing.”

The Municipal Water Authority of Aliquippa building, which was hacked on Nov. 25, 2023, by "Cyber Av3ngers,” is pictured on Friday, Dec. 1, 2023, in Aliquippa. The hacking group claiming responsibility is anti-Israel and is Iranian-backed. The building uses Israeli-made technology to regulate water pressure in Aliquippa's system, and the attack disabled the monitor, but plant managers could continue operating manually.
Evan Robinson-Johnson
'Very alarming': Aliquippa's hacked water authority exposes the threat to operational technology

Sen. Tracy Pennycuick, R-Montgomery, said it was “kind of embarrassing” that the state distributes only an average of $37,000 per county for cybersecurity. “I have a big concern with that number. I think it should be a lot higher,” Ms. Pennycuick said.

Sen. Jarrett Coleman, R-Lehigh, felt otherwise. He questioned the concept of having taxpayers in one part of the state finance cybersecurity in another part of the state.

Other ways should be found to solve the problem, Mr. Coleman said, than “look at the general fund as a piggybank.”

Ford Turner: fturner@post-gazette.com 

First Published: January 31, 2024, 11:05 p.m.
Updated: February 1, 2024, 6:19 p.m.

RELATED
Meta CEO Mark Zuckerberg turns to address the audience Wednesday during a Senate Judiciary Committee hearing on Capitol Hill in Washington to discuss child safety. X CEO Linda Yaccarino watches at left.
Barbara Ortutay and Haleluya Hadero
Meta, TikTok and other social media CEOs testify in heated Senate hearing on child exploitation
The Municipal Water Authority of Aliquippa is pictured on Sunday, Dec. 10, 2023.  The Authority was one of several organizations breached in the United States by Iran-affiliated hackers on Nov. 25.
The Editorial Board
Editorial: Even basic cybersecurity measures go a long way
SHOW COMMENTS (1)  
Join the Conversation
Commenting policy | How to Report Abuse
If you would like your comment to be considered for a published letter to the editor, please send it to letters@post-gazette.com. Letters must be under 250 words and may be edited for length and clarity.
Partners
Advertisement
Two slices of New York-style pizza and one cut of Sicilian at Etna Slice House in Etna.
1
life
Etna Slice House is 'closed until further notice' following pizzaiolo's departure
Mayor Ed Gainey during  a press conference at the Downtown Public Safety Center on Thursday. He angrily criticized what he believes negative media coverage of his work as mayor.
2
opinion
Brandon McGinley: ‘The wheels are coming off’ the Gainey administration
Longtime KDKA-TV host Jon Burnett on May 22, 2019.
3
a&e
Jon Burnett, long a KDKA-TV staple, leaves legacy of ‘putting good out into the world’
The Breezewood Interchange is dotted with gas stations, chain restaurants and souvenir shops. The Pennsylvania Turnpike Commission has selected Chicago-based Alfred Benesch and Company to spearhead a major redesign of the notorious roadway.
4
business
So long, Breezewood: Chicago firm selected to redesign infamous Pa. Turnpike interchange
Former Proud Boys leader Enrique Tarrio, center, speaks Friday outside the U.S. Capitol in Washington.
5
news
Ex-Proud Boys leader Enrique Tarrio arrested near Capitol on assault charge after news conference
Mai Abdelhakim, an assistant professor at University of Pittsburgh, is sworn in Wednesday at the state Capitol before testifying to lawmakers on cybersecurity and the recent Aliquippa cyber attack.  (Ford Turner/Post-Gazette)
Ford Turner/Post-Gazette
Advertisement
LATEST news
Advertisement
TOP
Email a Story