Florida lye poisoning attack shows cybersecurity gaps in water systems




Oldsmar, Florida suffered one of the biggest cybersecurity fears on Friday: hackers seeking to poison its water supply.

This is the kind of breach that has been warned about for years but is rarely seen. Experts say the hack, which was resolved quickly, is a prime example of why the cybersecurity of the US water supply remains one of the country’s biggest infrastructure risks.

And like the American electoral system, it is generally a sprawling and varied challenge.

“The water facilities are particularly problematic,” said Suzanne Spaulding, who was head of cybersecurity in the Department of Homeland Security under the Obama administration. “When I first arrived at DHS and started receiving sector briefings, my team said, ‘Here’s what you need to know about water installations: When you saw a water installation, you saw a water installation.’”

The approximately 54,000 drinking water systems in the United States are managed independently, either by local governments or by small businesses. This means that there are thousands of different security configurations, often managed by generalists responsible for the technology of their particular systems.

“I’ve been to a lot of water treatment facilities where there is an IT guy or two,” said Lesley Carhart, senior threat analyst at cybersecurity firm Dragos. “And they have to manage everything from provisioning the computers and devices that keep the infrastructure running to trying to secure it.

“Most are very aware of it, but they’re just drowning,” she said. “They don’t know how to accomplish all they need to do to make things work from an IT perspective and fill in the compliance boxes.”

All of Oldsmar’s cybersecurity services, including the water treatment plant, are run by one man, City Manager Al Braithwaite, Deputy City Manager Felicia Donnelly said in an email.

In the case of the Oldsmar attack, all the hackers needed to do to gain access was log into a TeamViewer account, which allows remote users to take full control of a computer associated with the plant. This allowed them to open and use a program that sets the chemical content of the underground water reservoir that provides drinking water to nearly 15,000 people. The facility has back-up alarms to measure levels of dangerous chemicals, but hackers were at least briefly able to order the plant to poison the water.

With just a few clicks, they instructed it to increase the level of lye in the water from 100 to 11,100 parts per million. Anything over 10,000 can lead to “difficulty swallowing, nausea / vomiting, abdominal pain, and even potentially damage to the gastrointestinal tract,” said Dr. Kelly Johnson-Arbor, physician toxicologist at the National Capital Poison Center, in an email.

Bryson Bort, a cybersecurity consultant who helped start ICS Village, a nonprofit that raises awareness about cybersecurity for industrial systems, said that such a practice – setting up a computer program that enables users to take control of sensitive industrial systems – is extremely common in industrial systems that do not have the means to employ teams of experts to be on call at all hours.

“If you think about it, you have a challenge both technically and in terms of resources to be able to handle things,” he said in a phone interview. “So the ability to get an alert light at 3 a.m. and get that expert has value. People are still puzzled that this is so, but it is so. I do not have a choice.”


Hackers sponsored by foreign governments routinely target U.S. industrial systems, which are often labyrinthine enough that a simple intrusion usually won’t let them shut down the infrastructure. It is not known who or what was behind the Oldsmar hack.

Federal officials have long been concerned about a potential “cyber Pearl Harbor” incident, in which hackers could physically damage US infrastructure. While that hasn’t happened, the United States is eager to retaliate when an adversary country gets too close.

In 2013, a hacker broke into computers that controlled the Bowman Dam in Rye, New York, and could have accessed its controls had it not been offline for maintenance. Three years later, the Justice Ministry accused an Iranian national of the hack, claiming he worked for a company linked to the Iranian Revolutionary Guard Corps.

And last year, the Treasury Department sanctioned a Russian government institution suspected of creating a powerful and destructive program called Triton, which targets industrial systems.

There is no public evidence that an American company has been seriously harmed by Triton. But that doesn’t mean that hackers in those countries aren’t trying to exploit open holes in U.S. infrastructure, Carhart said. It means they know better than to cause damage.

“The pirates from foreign states are here. They are in the water services, I promise you. But they know better than pushing buttons today,” she said.

“They’re going to wait until they have a really good reason to push the buttons. They’re there. We find them all the time.”
