Tag Archive for: utilities.

National Guard is preparing for a major cyber attack that would bring down utilities across the US

/in


The National Guard has been preparing for a major cyber attack that would bring down utilities across the US, after the hack of the Colonial Pipeline brought the nation’s fuel supply to its knees.

Troops from across the New England region practiced tackling a massive simulated breach across critical infrastructure sectors including power, water and gas during a two-week training exercise this month.

The exercise involved a situation where a huge cyber attack targeted utilities on the West Coast before moving east across the country. 

Much like in a real-life scenario, National Guardsmen worked alongside government agencies – including the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Federal Energy Regulatory Commission, and US Cyber Command – as well as private sector utility partners to respond to the crisis.

While the crisis was a simulation this time round, such an attack is looking increasingly possible.  

A series of recent, devastating attacks have sent warning signs about the risk cybersecurity breaches can bring to national infrastructure. 

When the Colonial Pipeline was targeted by hackers in May, it was forced to shut its entire network carrying 45 percent of all fuel to the East Coast, sparking a national fuel crisis that sent gas prices soaring.

Weeks later, the food supply chain was dealt a blow when hackers led to the four-day closures of plants belonging to America’s largest beef supplier JBS. 

The National Guard has been preparing for a major cyber attack that would bring down utilities across the US, after the hack of the Colonial Pipeline brought the nation's fuel supply to its knees. Pictured the two-week training exercise

The National Guard has been preparing for a major cyber attack that would bring down utilities across the US, after the hack of the Colonial Pipeline brought the nation’s fuel supply to its knees. Pictured the two-week training exercise

Troops from across the New England region practiced tackling a massive simulated breach across critical infrastructure sectors including power, water and gas during the Cyber Yankee Event (above)

Troops from across the New England region practiced tackling a massive simulated breach across critical infrastructure sectors including power, water and gas during the Cyber Yankee Event (above)

The Cyber Yankee event, which has been held for the last seven years and was carried out in Camp Edwards, Cape Cod, tested the ability of the National Guard cyber units to respond to a real-life cyberattack and trained them to collaborate with government and industry partners.  

Source…

Lessons Local Utilities Can Learn from the Oldsmar Water Plant Hack

/in


Anatomy of the Oldsmar Water Plant Attack

The FBI, the Department of Homeland Security, the U.S. Secret Service and the Pinellas County Sheriff’s Office are investigating the attack in Oldsmar, and it is unclear where the attack originated from and what the motivations of the attacker or attackers were.

According to a Massachusetts state advisory describing FBI findings on the attack, on Feb. 5, unidentified malicious actors “obtained unauthorized access, on two separate occasions, approximately five hours apart, to the supervisory control and data acquisition (SCADA) system” used at the plant.

They accessed the SCADA system “via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process.”

According to ProPublica, the city had actually stopped using TeamViewer six months earlier, but never disconnected the program.

LEARN MORE: What are the main security vulnerabilities in a smart city?

Alarmingly, according to the advisory, all computers used by personnel at the Oldsmar plant were connected to the SCADA system and used an outdated, 32-bit version of the Windows 7 operating system. Even more worrisome, the Massachusetts advisory states, “computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”

A plant operator noticed the first intrusion, according to ProPublica, but “didn’t think much of it” Pinellas County Sheriff Bob Gualtieri said at a news conference. It wasn’t until after the second intrusion, when the attacker took over a computer and changed the amount of sodium hydroxide in the water from 100 parts per million to 1,100 parts per million, that the plant worker alerted his boss. The worker lowered the levels of sodium hydroxide and the city called the county sheriff’s office three hours later, ProPublica reports.

“This is dangerous stuff,” Gualtieri said, according to The New York Times. “It’s a bad act. It’s a bad actor. It’s not just a little…

Source…

Chinese State Hackers Suspected Of Malicious Cyber Attack On U.S. Utilities – Forbes

/in

Chinese State Hackers Suspected Of Malicious Cyber Attack On U.S. Utilities  Forbes

A “malicious cyber campaign” targeting U.S. utilities has been identified—and the attack bears the hallmarks of APT10, a notorious Chinese hacking group …

“cyber warfare news” – read more

8 lesser known, but very useful, Apple Mac utilities

/in

Apple plans to increase iCloud security measures following recent celebrity hack scandal Your Mac comes with a bunch of Apps pre-installed, neatly organized in the Applications folder. You’ve got the iWork suite, AddressBook, iCal and some other useful …
mac hacker – read more