To date, a true catastrophe - where a hacker was able to poison a population's drinking water, causing mass sickness or even death - has not happened. But a number of facilities have been hacked in the past year, though most draw little attention. In Pennsylvania, a state water warning system has reportedly alerted its members to two recent hacks at water plants in the state. In another previously unreported hack, the Camrosa Water District in Southern California was infected with ransomware last summer.

Whether hacks on water plants have recently become more common or just more visible is impossible to tell, because there is no comprehensive federal or industry accounting of water treatment plants' security.

"It's really difficult to apply some kind of uniform cyber hygiene assessment, given the disparate size and capacity and technical capacity of all the water utilities," said Mike Keegan, an analyst at the National Rural Water Association, a trade group for the sector. "You don't really have a good assessment of what's going on," he said.

There has never been a nationwide cybersecurity audit of water treatment facilities, and the U.S. government has said it has no plans for one. While individual facilities can ask the federal government for help to protect themselves, few do. In most cases, it's up to individual water plants to protect themselves, and even if they're aware they've been hacked - a big if - they might not be inclined to tell the federal government, much less their customers. That means hacks can take years to come to light, if they do at all.

attorney in Kansas indicted a former employee of a tiny water treatment plant in Ellsworth County over an incident that had happened two years earlier. A night shift worker who had worked at the Post Rock Rural Water District logged into a remote online control system and tried to shut down the plant's cleaning and disinfecting operations in 2019, the Department of Justice said. The former employee has pleaded not guilty, and his lawyer didn't respond to a request for comment.

The Cybersecurity and Infrastructure Security Agency, the federal government's primary cybersecurity defense agency, is tasked with helping secure the country's infrastructure, including water. But it doesn't regulate the sector and is largely confined to giving advice and assistance to organizations that ask for it. Only a tiny fraction of the country's water facilities choose to use CISA's services - "several hundred" out of more than the 50,000 across the U.S., Anne Cutler, a spokesperson for the agency, said.

Of those that do, an internal CISA survey conducted earlier this year, the results of which she shared with NBC, found dour results. As many as 1 in 10 water and wastewater plants had recently found a critical cybersecurity vulnerability. Most shocking, more than 80 percent of the major vulnerabilities that the surveyed facilities had were software flaws discovered before 2017, indicating a rampant problem of employees not updating their software.

Congress recently gave CISA legal authority to force internet providers to turn over the identities of organizations that it or other government agencies see are being targeted by hackers.

An anonymous reader quotes a report from Ars Technica: The Florida water treatment facility whose computer system experienced a potentially hazardous computer breach last week used an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees, government officials have reported. The computer intrusion happened last Friday in Oldsmar, a Florida city of about 15,000 that's roughly 15 miles northwest of Tampa. After gaining remote access to a computer that controlled equipment inside the Oldsmar water treatment plant, the unknown intruder increased the amount of sodium hydroxide - a caustic chemical better known as lye - by a factor of 100. The tampering could have caused severe sickness or death had it not been for safeguards the city has in place.

According to an advisory from the state of Massachusetts, employees with the Oldsmar facility used a computer running Windows 7 to remotely access plant controls known as a SCADA - short for 'supervisory control and data acquisition' - system. What's more, the computer had no firewall installed and used a password that was shared among employees for remotely logging into city systems with the TeamViewer application. The revelations illustrate the lack of security rigor found inside many critical infrastructure environments.

In January, Microsoft ended support for Windows 7, a move that ended security updates for the operating system. Windows 7 also provides fewer security protections than Windows 10. The lack of a firewall and a password that was the same for each employee are also signs that the department's security regimen wasn't as tight as it could have been.