In a concerning incident this April, unidentified hackers breached the control systems of the Lake Risevatnet dam near Svelgen, Norway. The attack caused the dam’s water valve to open fully, remaining that way for four hours before the unauthorized activity was detected. Fortunately, according to the Norwegian energy news outlet, Energiteknikk, the incident posed no immediate danger, with the additional 497 litres per second of water flow well within the riverbed’s capacity.
The breach was discovered on April 7 by dam owner Breivika Eiendom, with authorities including the National Security Authority (NSM), the Norwegian Water Resources and Energy Directorate (NVE), and Kripos alerted on April 10. They have launched an investigation into the incident, suspecting that a weak password guarding the valve’s web-accessible control panel was the likely vulnerability that allowed attackers to bypass authentication controls.
This incident underlines broader security threats to essential services. Previous reports, such as one from Hackread.com, highlighted that Israel was targeted by a wave of cyberattacks in April 2023, resulting in disruptions to irrigation and wastewater treatment systems. These events stress the importance of robust cybersecurity measures to guard against such vulnerabilities.
Although the Lake Risevatnet dam primarily serves a fish farm and is not connected to Norway’s power grid, the unauthorized access signals a dire need for enhanced security protocols in critical infrastructure. Experts emphasize that using strong passwords, multi-factor authentication, and vigilant monitoring practices are vital for ensuring the integrity of essential services against similar threats.