Tag: plant | Page 5

After hack at Florida plant, local officials say layers of security keep water safe

February 26, 2021/in Computer Security

HOLLYWOOD, Fla. – A day after Pinellas County authorities reported a cyber intruder’s failed attempt to poison the water on Friday at a plant near Tampa, officials in Miami-Dade and Broward counties said water treatment plants in South Florida are safe.

A supervisor at the Oldsmar water plant reported witnessing when the hacker changed the sodium hydroxide settings and quickly fixed it. Authorities said there were other safeguards that would have caught the chemical change. The area was hosting the Super Bowl on Sunday.

The FBI was still investigating the breach of the remote-access system on Tuesday. A. Selcuk Uluagac leads Florida International University’s Cyber-Physical Systems Security Lab. He said other systems such as the smart grid, oil and gas plants, and transportation systems use similar technologies.

“These systems should not be directly connected to the internet and also they should be layered,” Uluagac said.

Ad

The Miami-Dade Water and Sewer Department produces 320 million gallons a day of drinking water and serves nearly 2.3 million residents and thousands of tourists. Jose Cueto, the interim director of the department, said the public needs to know it’s safe and reliable.

“At no point is our treatment process vulnerable to bad actors and those type of security threats,” Cueto said on Tuesday.

Lars Schmekel, Miami-Dade County’s chief information security officer, said the local Supervisory Control and Data Acquisition, a control system of software and hardware elements allow them to monitor the process.

“There are multiple levels of authentication,” Schmekel said.

In Broward County, there is a similar system of checks and balances. Joann Hussey, a spokeswoman for the city of Hollywood, said there is staff onsite around the clock, alarms that sound when things are off and only a small team is authorized to make adjustments.

Ad

“There is no automated way for those chemicals to be added into the system if a hacker was able to get into the system,” Hussey said. “Those chemicals are added manually.”

Alan Garcia, the director of the Broward County Water and Wastewater Services, said the public has absolutely nothing to worry about.

“We are…

Source…

Florida Water Plant Hackers Exploited Old Software And Poor Password Habits

February 15, 2021/in Computer Security

The world took notice when a cyber attacker breached a Florida city’s water treatment plant and tried to poison the water supply. New details about the incident reveal serious cyber security shortcomings at the plant.

Water Pipeline in Water Treatment Plant

getty

As reported by Ars Technica, a Private Industry Notification (PIN) from the FBI noted two major issues. One was that the compromised computer at the Oldsmar water treatment facility was running an “outdated Windows 7 operating system.”

That statement applies to pretty much any computer running Windows 7 at this point. As of January 14 last year Microsoft had stopped offering software updates, security updates or fixes and technical support for Windows 7. Ahead of that date Microsoft had warned that “While you could continue to use your PC running Windows 7, without continued software and security updates, it will be at greater risk for viruses and malware.”

Microsoft had already extended support for Windows 7 on a couple of occasions and the company provides plenty of notice when it’s ending support. Nevertheless it’s not uncommon for organizations to continue using an operating system beyond its end-of-support date.

Specialized applications — like those that control the water treatment system at the Florida plant — may not be compatible with a newer OS. Faced with the possibility of a broken piece of critical software, many organizations choose to continue running the outdated OS. This incident once again underscored just how risky that practice can be.

Another failing revealed in the Bureau’s notification is that staff all utilized the same password for remote access via the Teamviewer application. That same password was used on all of the plant’s computers and it’s believed that the attacker(s) used that password to break in.

That’s two very big cyber security strikes already. The third? The plant’s computers “appeared to be connected directly to the Internet without any type of firewall protection installed.”

Firewalls provide a first line of defense against unauthorized access. They’re an important part network security in any situation. In a case where the…

Source…

Outdated computer system exploited in Florida water treatment plant hack

February 11, 2021/in Computer Security

Investigators are still trying to determine who’s behind the hack.

February 10, 2021, 11:20 PM

4 min read

An outdated version of Windows and a weak cybersecurity network allowed hackers to access a Florida wastewater treatment plant’s computer system and momentarily tamper with the water supply, federal investigators revealed in a memo obtained by ABC News.

The FBI’s Cyber Division on Tuesday notified law enforcement agencies and businesses to warn them about the computer vulnerabilities, which led to the Bruce T. Haddock Water Treatment Plant in Oldsmar being hacked on Feb. 5.

The plant’s computer systems were using Windows 7, which hasn’t received support or updates from Microsoft in over a year, according to the FBI.

“The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment,” investigators wrote in the report. “The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.”

The hacker was able to use remote access software to raise the levels of sodium hydroxide in the water from about 100 parts per million to 11,100 parts per million for a few minutes, according to investigators. Sodium hydroxide is used in liquid drain cleaners and used, in small doses, to remove metals from water.

A plant manager who noticed the hack as it unfolded was able to return the system to normal before there any major damage occurred, investigators said. The public was never in danger because it would have taken 24 to 36 hours for tainted water to hit the system if no one intervened.

The FBI and other law enforcement agencies are still trying to determine who was behind the…

Source…

TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds

April 14, 2020/in Mobile Security

The popular video-sharing apps’s use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.
Mobile Security – Threatpost

Tag Archive for: plant