Norwegian Dam Valve Forced Open for Hours in Cyberattack

In a concerning incident this April, unidentified hackers managed to breach the control systems of a Norwegian dam. Reportedly, hackers breached the control systems of a Norwegian dam, causing its water valve to open fully. The incident occurred at the Lake Risevatnet dam, situated near the city of Svelgen in Southwest Norway. The valve remained open for four hours before the unauthorized activity was detected.

According to the Norwegian energy news outlet, Energiteknikk, the hack did not pose a danger, as the water flow barely exceeded the dam’s minimum requirement. The valve released an additional 497 litres per second, but officials noted that the riverbed could handle a much larger volume, up to 20,000 litres per second.

****Vulnerable Control Systems Highlighted****

The incident was discovered on April 7 by the dam’s owner, Breivika Eiendom. Norwegian authorities, including NSM (National Security Authority), NVE (Norwegian Water Resources and Energy Directorate), and Kripos (a special agency of the Norwegian Police Service), were alerted on April 10, and an investigation is now underway.

Officials suspect the breach occurred because the valve’s web-accessible control panel was protected by a weak password. Breivika technical manager Bjarte Steinhovden speculated this was the likely vulnerability. The initial point of entry allowed attackers to bypass authentication controls and gain direct access to the operational technology (OT) environment.

****Broader Threats to Essential Services****

This incident is not isolated as such intrusions into vital infrastructure have occurred in the past. For instance, Hackread.com reported in April 2023, that Israel faced a wave of cyberattacks, with authorities believing they were part of OpIsrael, a campaign by pro-Palestinian hackers.

Among the targets were Israel’s irrigation systems, which saw several water monitors malfunction. The targets included irrigation and wastewater treatment systems in areas like the Hula Valley, the Jordan Valley, and the Galil Sewage Corporation. These cases show how simple vulnerabilities, like easy-to-guess passwords, can be exploited by threat actors.

****Lessons for Critical Infrastructure Protection****

While this particular facility primarily serves a fish farm and is not connected to Norway’s power grid, the incident shows a critical security lesson for essential infrastructure worldwide. It demonstrates how easily basic security failures, especially weak credentials, can compromise vital systems.

It also highlights that remote access, proper authentication, and clear ownership of cyber-physical interfaces should be standard security practices. The fact that the attack persisted for four hours undetected also indicates the importance of sufficient monitoring for critical infrastructure like dams. Effective cybersecurity practices, including strong passwords and multi-factor authentication (requiring more than one way to prove identity), are crucial for protecting these essential services.