Tag: Plants | SpinSafe

Alabama-based Sentar gets federal grant to boost cybersecurity for nuclear plants

August 17, 2023/in Internet Security

Federal grant money will help a business in Alabama build up the capability to address cybersecurity threats against U.S. nuclear power plants. File Photo by John Angelillo/UPI

Aug. 17 (UPI) — A federal grant will help with the development of a proof-of-concept study targeting potential cybersecurity threats at the nation’s nuclear power plants, Alabama-based Sentar said Thursday.

Sentar, which is geared toward cyber intelligence, said it secured a small-business research grant from its latest client, the Department of Energy.

Advertising

“Cyber resilience and reliability must become an operational imperative for critical infrastructure,” said Gary Mayes, the company’s senior research director. “It is essential to have the ability to mitigate damage once subjected to a cyber-attack and continue to maintain operations when systems or data have been compromised.”

The grant follows an early-year report from defense consultant Booz-Allen warning of cybersecurity threats from China. The Communist government, the report warned, uses cyberattacks “below the threshold of war” to target critical infrastructure in the United States.

Two years ago, the Port of Houston, among the largest in the country, was the target of a cyberattack that the Cybersecurity and Infrastructure Security Agency Director said was likely from an unidentified “nation-state actor.”

The White House released a national strategy to address the issue. The National Cybersecurity Strategy seeks to make two fundamental changes in the government’s digital security protocols, including a plan to enlist more help from the private sector to mitigate cyber risks, and a program to boost federal incentives to companies that make long-term investments in cybersecurity.

Sentar offered no details about its federal grant, though it did say that work on the project would begin immediately at its headquarters in Alabama.

Source…

4 Russian spies tried to hack power plants across world: Feds

March 24, 2022/in Computer Security

Three Russian spies tried to take control of power plants in a wide-ranging hacking conspiracy that targeted hundreds of energy companies in 135 countries, US federal prosecutors announced Thursday.

The trio were members of a covert unit within the Russian Federal Security Service nicknamed “Dragonfly” that hacked the hardware and software of computer systems that controlled nuclear power plants and other energy facilities, the Department of Justice said in a newly unsealed indictment.

Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39, used “spearphishing” email scams to gain access to systems at various companies, then hid malware in software updates that was spread to over 17,000 users, according to the indictment.

The two-phased conspiracy allegedly lasted between 2012 and 2017 with targets including the US Nuclear Regulatory Commission, an unnamed New York-based renewable energy facility and Wolf Creek Nuclear Operating Corp. in Kansas, where a grand jury returned the indictment against the spies in August.

Some of the other companies targeted by the Russian government spies were located in the UK, Canada, China, France and Germany, prosecutors claim.

Duston Slinkard, US attorney for the District of Kansas, said the DOJ was focused on “its mission to protect the safety and security of our nation.”

Marat Valeryevich Tyukov and others used “spearphishing” email scams to gain access to systems at various companies.

Department of Justice

Mikhail Mihailovich Gavrilov — Mikhailovich Gavrilov is also facing including identity theft charges, the DOJ said.

Pavel Alexsandrovich Akulov is among the group that are facing charges that come with a maximum sentence of 20 years.

“The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today’s world,” Slinkard said in a statement.

“We must acknowledge there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain…

Source…

In a first for Maine, ransomware hackers hit 2 public wastewater plants

August 15, 2021/in Computer Security

By Kate Cough of the Maine Monitor

The Department of Environmental Protection has warned municipalities and water-sector professionals to be on alert after two recent ransomware intrusions, believed to be the first on wastewater systems in Maine.

The attacks occurred in Limestone and Mount Desert Island, said Judy Bruenjes, a wastewater technical assistance engineer for the DEP.

“They were both fairly minor, there was no threat to the public, there was no violation, no excursion, no health and safety threat. It wasn’t like the Colonial pipeline, but it was a concern for us that these small facilities were being targeted,” Bruenjes said.

In May, hackers forced the shutdown of the Colonial, one of the nation’s largest oil pipelines.

Jim Leighton, superintendent for the Limestone Water and Sewer Department, said the attack occurred over the July 4 weekend on a computer, running Windows 7, that was due for an upgrade. No taxpayer or ratepayer information was compromised, said Leighton.

“We said enough of that, it’s not worth paying a ransom for,” he continued. “We had to update it anyway.”

Ed Montague, superintendent for Mount Desert Wastewater, said in an email: “The office computers were down for approximately three working days… Our treatment plants were not affected as they are manually controlled with no automated inputs.” No ransom was paid and no personal information was compromised, said Montague, and town and IT professionals were notified.

State officials warn that the attacks should be taken seriously. Cybersecurity experts say hackers are targeting smaller organizations, often with important infrastructure roles, and scaling their ransom demands accordingly.

Source…

Hack exposes vulnerability of cash-strapped U.S. water plants

February 11, 2021/in Computer Security

ST. PETERSBURG, Fla. >> A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks by more sophisticated intruders. Treatment plants are typically cash-strapped and lack the cybersecurity depth of the power grid and nuclear plants.

A local sheriff’s startling announcement Monday that the water supply of Oldsmar, population 15,000, was briefly in jeopardy last week exhibited uncharacteristic transparency. Suspicious incidents are rarely reported and usually are chalked up to mechanical or procedural errors, experts say. No federal reporting requirement exists, and state and local rules vary widely.

“In the industry, we were all expecting this to happen. We have known for a long time that municipal water utilities are extremely underfunded and under-resourced, and that makes them a soft target for cyberattacks,” said Lesley Carhart, principal incident responder at Dragos Security, which specializes in industrial control systems.

“I deal with a lot of municipal water utilities for small, medium and large-sized cities. And in a lot of cases, all of them have a very small IT staff. Some of them have no dedicated security staff at all,” she said.

The nation’s 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities. They are a heterogenous patchwork, less uniform in technology and security measures than in other rich countries.

As the computer networks of vital infrastructure become easier to reach via the internet — and with remote access multiplying dizzily during the COVID-19 pandemic — security measures often get sacrificed. That appeared to be the case at Oldsmar.

Cybersecurity experts said the attack at the plant 15 miles northwest of Tampa seemed ham-handed, it was so blatant. Whoever breached Oldsmar’s plant on Friday using a remote access program shared by plant workers briefly increased the amount of lye — sodium hydroxide — by a factor of 100, according to Pinellas County Sheriff Bob Gualtieri. Lye is used to lower acidity, but in high concentrations it is highly…

Source…

Tag Archive for: Plants