- Water plant employees used same teamviewer software#
- Water plant employees used same teamviewer password#
- Water plant employees used same teamviewer windows#
Unfortunately, smaller municipalities do not have the resources to respond and will often be left struggling for hours, or even days, as the attack rages on. While the federal government investigates more serious breaches, state and local agencies are left picking up the pieces for more minor attacks. These two issues are widespread amongst critical infrastructure organizations and the private sector alike.ĭespite being discovered and stopped, the incident amplified the discussion on how the government and private sector can prevent these attacks.
Water plant employees used same teamviewer password#
The system was also only accessible using a shared TeamViewer password among the employees.
Water plant employees used same teamviewer windows#
Luckily, a supervisor was able to catch the act in real-time and revert the changes.Īfter an investigation of the Oldsmar incident, it was revealed that the hacker was able to gain access because the computer system was using an unsupported version of Windows with no firewall. In particular, the increase of sodium hydroxide could have seriously harmed or even killed human beings. The attacker successfully infiltrated the computer system that controlled the water treatment facility and remotely manipulated a computer to change the water supply’s chemical balance. The attempted attack on the Oldsmar, Florida water treatment plant in early February 2021 demonstrated the potentially dangerous and life-threatening consequences of compromised critical infrastructure. Over 65% believe that a cyberattack on critical infrastructure has the potential to inflict more damage. Congress recently gave CISA legal authority to force internet providers to turn over the identities of organizations that it or other government agencies see are being targeted by hackers.The 2020 Global State of Industrial Cybersecurity report found that 74% of IT security professionals are more concerned about a cyberattack on critical infrastructure than an enterprise data breach.
Water plant employees used same teamviewer software#
Most shocking, more than 80 percent of the major vulnerabilities that the surveyed facilities had were software flaws discovered before 2017, indicating a rampant problem of employees not updating their software. As many as 1 in 10 water and wastewater plants had recently found a critical cybersecurity vulnerability. Of those that do, an internal CISA survey conducted earlier this year, the results of which she shared with NBC, found dour results. Only a tiny fraction of the country's water facilities choose to use CISA's services - "several hundred" out of more than the 50,000 across the U.S., Anne Cutler, a spokesperson for the agency, said. But it doesn't regulate the sector and is largely confined to giving advice and assistance to organizations that ask for it. The Cybersecurity and Infrastructure Security Agency, the federal government's primary cybersecurity defense agency, is tasked with helping secure the country's infrastructure, including water. The former employee has pleaded not guilty, and his lawyer didn't respond to a request for comment. A night shift worker who had worked at the Post Rock Rural Water District logged into a remote online control system and tried to shut down the plant's cleaning and disinfecting operations in 2019, the Department of Justice said. attorney in Kansas indicted a former employee of a tiny water treatment plant in Ellsworth County over an incident that had happened two years earlier. That means hacks can take years to come to light, if they do at all. In most cases, it's up to individual water plants to protect themselves, and even if they're aware they've been hacked - a big if - they might not be inclined to tell the federal government, much less their customers. While individual facilities can ask the federal government for help to protect themselves, few do.
government has said it has no plans for one. There has never been a nationwide cybersecurity audit of water treatment facilities, and the U.S. "You don't really have a good assessment of what's going on," he said. "It's really difficult to apply some kind of uniform cyber hygiene assessment, given the disparate size and capacity and technical capacity of all the water utilities," said Mike Keegan, an analyst at the National Rural Water Association, a trade group for the sector.
Whether hacks on water plants have recently become more common or just more visible is impossible to tell, because there is no comprehensive federal or industry accounting of water treatment plants' security. In another previously unreported hack, the Camrosa Water District in Southern California was infected with ransomware last summer. In Pennsylvania, a state water warning system has reportedly alerted its members to two recent hacks at water plants in the state. But a number of facilities have been hacked in the past year, though most draw little attention. To date, a true catastrophe - where a hacker was able to poison a population's drinking water, causing mass sickness or even death - has not happened.
0 kommentar(er)
