Hackers' chaotic efforts to poison tap water in a small Florida town are raising alarms at how vulnerable the nation's water systems could potentially be attacked by increasingly sophisticated intruders. Treatment plants typically have cash and lack the cybersecurity depth of power grids and nuclear plants.A shocking announcement by a local sheriff on Monday that Oldsmar's water supply, with its population of 15,000, was briefly in danger last week showed an unfavorable transparency. Suspicious events are rarely reported and often mechanical or procedural errors. There are no federal reporting requirements and state and local rules differ greatly.
In the industry,
slotxo
we all expect this to happen. We have long known that municipal water utilities have very little capital and little resources, and that makes them an improper target for the construction of municipal water utilities. Cyber ​​attacks, ”said Lesley Carhart, a respondent at Dragos Security, which specializes in industrial control systems.I deal with a number of municipal waterworks for small, medium and large cities. And in many cases, they all have a very small number of IT employees. Some of them don't have a dedicated security guard, ”she said.The country's 151,000 public water systems lack the financial reinforcement of nuclear and power plant owners. They're a different patchwork style, technology and security measures are less consistent than in other wealthy countries.
As computer networks of critical infrastructures are more easily accessible via the Internet and with remote access multiplying significantly during the COVID-19 epidemic, security measures are often reduced.It's a difficult problem. But it's a problem we have to start to fix, ”said Joe Slowik, a senior security researcher at DomainTools. "The weakness of the system in this sector"Cyber ​​security experts said the attack at the facility 15 miles northwest of Tampa appeared to be a hammam.It was very blatant: Anyone who violated Oldsmar's factory on Friday using a range access program. As far as factory workers share, briefly increases the lye content - sodium hydroxide - by a factor of 100, according to Pinellas County Sheriff Bob Gualtieri.Lye is used to reduce acidity.
But in high concentrations it is highly corrosive and can burn. Found in drain cleaning products.The timing and visibility of intruders seems like a joke for cybersecurity experts. The supervisor examined the factory console around 1:30 p.m. saw the cursor move across the screen and changed the settings, Gualtieri said, and was able to immediately revert. The intruders entered and exited within five minutes.People were never in danger, although intruders took "sodium hydroxide to dangerous levels," the sheriff said. Additionally, plant protection will detect chemical changes in 24-36 hours that will affect tap water, he said.
Gualtieri said Tuesday that the water would go into the water tank before reaching the customer and “it would be detected by secondary chemical inspections.
He did not know if the hacker was local or foreign and said no. Who is involved with factory workers? He said the FBI and the Secret Service were helping with the investigation. The way the hackers got in is unclear, he said, although it's possible that the hacker was able to generate administrative credentials.Jake Williams, CEO of cybersecurity firm Rendition Infosec, said engineers have built a defense system. "Since before, cyber remote control has been important," making the breach unlikely to lead to cybercrime. The "waterfall of failure" that made Oldsmar's water disappear.
Cyber ​​security company FireEye said it had made considerable efforts in the hack. But mostly because many newbies stumbled upon their systems while using a search engine for an industrial control system called Shodan.The serious threats come from national hackers, such as Russian officials accused of a month-long SolarWinds campaign that plagued US agencies and the private sector for at least eight months and was discovered in December. As US officials call SolarWinds a serious threat. But they call it cyber resistance instead of trying to damage it.
Placing wiretapping boxes that could cause armed conflicts is another matter. It is known that Russian hackers infiltrated the US industrial control system, including the power grid, and Iranian officials were accused of violating a New York suburb in 2013, but there was no indication that it was enabled. "Logic bomb" as in Russia. It was done in Ukraine when military hackers took down pieces of the grid in the winter of 2015 and 2016.A 2020 report in the Journal of Environmental Engineering found that water utilities had been hacked by a number of actors, including recently poked amateurs, disgruntled former employees, cybercriminals looking for profit and sta.
|
Login
Registration
Slovak
