Tag Archive for: drinking

Hackers targeted US drinking water and wastewater facilities as recently as August, Homeland Security says

/in


WASHINGTON – The nation’s top civilian cybersecurity agency issued a warning Thursday about ongoing cyber threats to the U.S. drinking water supply, saying malicious hackers are targeting government water and wastewater treatment systems.

Authorities said they wanted to highlight ongoing malicious cyber activity “by both known and unknown actors” targeting the technology and information systems that provide clean, drinkable water and treat the billions of gallons of wastewater created in the U.S. every year.

The alert, which disclosed three previously unreported ransomware attacks on water treatment facilities, was issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). It was the result of analytic efforts by DHS, the FBI, the Environmental Protection Agency and the National Security Agency.

One DHS cybersecurity official described it as the routine sharing of technical information between federal agencies and their industry partners “to help collectively reduce the risk to critical infrastructure in the United States.” Added a second Homeland Security official: “It’s not any indication of a new threat. We don’t want anyone to think that their drinking water supply is under attack.”

Both officials spoke on the condition of anonymity in order to elaborate on the agency’s public statements.

Despite their assurances, the advisory disclosed that in March 2019, a former employee at a Kansas-based water and waste water treatment facility unsuccessfully tried to threaten drinking water safety by logging in with his user credentials – which had not been revoked at the time of his resignation – to remotely access a facility computer.

In that case, a federal grand jury in Topeka, Kansas accused Wyatt Travnichek, 22, of tampering with the water treatment facilities for the sprawling, eight-county Post Rock Rural Water District.

The indictment, announced March 31, alleges that Travnichek’s job for the utility was to monitor the water plant remotely by logging into its computer system. Two months after he left his job with the water district in January 2019, it said, Travnichek logged in remotely with the intent of shutting shut down…

Source…

America’s drinking water is surprisingly easy to poison — GCN

/in


Close up pouring purified fresh drink water from the bottle on table (Cozine/Shutterstock.com)

America’s drinking water is surprisingly easy to poison

  • By Peter Elkind, Jack Gillum, ProPublica
  • Mar 18, 2021

This article was first posted to ProPublica.

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly generating a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.

“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

The motive and…

Source…

Dayton’s drinking water systems have layers of security designed to prevent hacking, officials say

/in


News Highlights: Dayton’s drinking water systems have layers of security designed to prevent hacking, officials say

“This is what we do,” Powell said.

The SCADA of the city of Xenia water treatment plant is also not connected to the Internet for security reasons, said Joe Bates, water treatment supervisor.

A hacker gained access to the system that controls the water treatment plant of an Oldsmar, a Florida city of 15,000 residents, and attempted to contaminate the water supply with a caustic chemical, exposing a hazard that cybersecurity experts say has grown as systems both become more automated as more accessible via the internet.

The hacker who broke the system at the Oldsmar city water treatment plant on Friday using a remote access program shared by factory workers briefly increased the amount of sodium hydroxide by a factor of a hundred (from 100 parts per million to 11,100 parts per million), Sheriff Bob Gualtieri of Pinellas County said during a news conference Monday.

Experts say municipal water and other systems have the potential to be an easy target for hackers, as local governments’ computing infrastructure is often underfunded.

Robert M. Lee, CEO of Dragos Security, and a specialist in industrial operating system vulnerabilities, said remote access to industrial operating systems such as those …

Read more from Source
Copyright @ www.daytondailynews.com

  • Check the latest Hacking news updates and information.
  • Please share this news Dayton’s drinking water systems have layers of security designed to prevent hacking, officials say with your friends and family to support us your one share helps us a lot.
  • Follow us on Facebook and Twitter if you need more updates like this.
Disclaimer: If you need to remove this content from our site then kindly contact us Learn more

Source…

Dayton’s drinking water systems have layers of security to curb hacking, officials say

/in


“This is what we do,” Powell said.

The city of Xenia water treatment plant’s SCADA also is not connected to the internet because of security reasons, said Joe Bates, water treatment supervisor.

A hacker gained entry to the system controlling the water treatment plant of a Oldsmar, a Florida city of 15,000, and tried to taint the water supply with a caustic chemical, exposing a danger cybersecurity experts say has grown as systems become both more computerized and accessible via the internet.

The hacker who breached the system at the city of Oldsmar’s water treatment plant on Friday using a remote access program shared by plant workers briefly increased the amount of sodium hydroxide by a factor of one hundred (from 100 parts per million to 11,100 parts per million), Pinellas County Sheriff Bob Gualtieri said during a news conference Monday.

Experts say municipal water and other systems have the potential to be easy targets for hackers because local governments’ computer infrastructure tends to be underfunded.

Robert M. Lee, CEO of Dragos Security, and a specialist in industrial control system vulnerabilities, said remote access to industrial control systems such as those running water treatment plants has become increasingly common.

“As industries become more digitally connected, we will continue to see more states and criminals target these sites for the impact they have on society,” Lee said.

ExploreDayton loses billions of gallons of water every year. What is it doing to stop the costly leaks?

Eight years ago Dayton officials made the decision not to put the computer systems that control its water plants on the internet because they noticed cybersecurity threats were on the rise, Powell said. The city also joined associations such as the Water Information Sharing and Analysis Center ― WaterISAC ― that alerts them whenever threats or other issues emerge relating to drinking water.

About 6 a.m. Tuesday, Powell received an alert from WaterISAC informing him about the breach in Florida and recommending eight action steps water utilities needed to take immediately to avoid similar hacks. Powell reviewed the list and said Dayton had already taken all those steps, he said.

Source…