Tag Archive for: Water

Kansas Man Indicted for Hacking, Tampering with a Public Water System – Homeland Security Today

/in


A Kansas man has been indicted on a federal charge accusing him of tampering with a public water system, Acting U.S. Attorney Duston Slinkard said Wednesday.

Wyatt A. Travnichek, 22, of Ellsworth County, Kansas is charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access.

“Our office is committed to maintaining and improving its partnership with the state of Kansas in the administration and implementation of the Safe Drinking Water Act of 1974,” said Acting U.S. Attorney Duston Slinkard. “Drinking water that is considered safe is essential to the protection of the public’s health.”

The indictment alleges that on or about March 27, 2019, in the District of Kansas, Travnichek knowingly accessed the Ellsworth County Rural Water District’s protected computer system without authorization. During this unauthorized access, it is alleged Travnichek performed activities that shut down the processes at the facility which affect the facilities cleaning and disinfecting procedures with the intention of harming the Ellsworth Rural Water District No. 1, also known as Post Rock Rural Water District.

“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” said Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas. “EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.”

Upon conviction, the alleged crimes carry the following penalties:

Tampering with a Public Water System: Up to 20 years in federal prison and a fine up to $250,000.
Reckless Damage to a Protected Computer During Unauthorized Access: Up to 5 years in federal prison and a fine up to $250,000.

Read more at the Justice Department

(Visited 8 times, 1 visits today)

Source…

America’s drinking water is surprisingly easy to poison — GCN

/in


Close up pouring purified fresh drink water from the bottle on table (Cozine/Shutterstock.com)

America’s drinking water is surprisingly easy to poison

  • By Peter Elkind, Jack Gillum, ProPublica
  • Mar 18, 2021

This article was first posted to ProPublica.

On Feb. 16, less than two weeks after a mysterious attacker made headlines around the world by hacking a water treatment plant in Oldsmar, Florida, and nearly generating a mass poisoning, the city’s mayor declared victory.

“This is a success story,” Mayor Eric Seidel told the City Council in Oldsmar, a Tampa suburb of 15,000, after acknowledging “some deficiencies.” As he put it, “our protocols, monitoring protocols, worked. Our staff executed them to perfection. And as the city manager said, there were other backups. … We were breached, there’s no question. And we’ll make sure that doesn’t happen again. But it’s a success story.” Two council members congratulated the mayor, noting his turn at the press conference where the hack was disclosed. “Even on TV, you were fantastic,” said one.

“Success” is not the word that cybersecurity experts use to describe the Oldsmar episode. They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.

The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems.

“Frankly, they got very lucky,” said retired Adm. Mark Montgomery, executive director of the federal Cyberspace Solarium Commission, which Congress established in 2018 to upgrade the nation’s defenses against major cyberattacks. Montgomery likened the Oldsmar outcome to a pilot landing a plane after an engine caught fire during a flight. “They shouldn’t celebrate like Tom Brady winning the Super Bowl,” he said. “They didn’t win a game. They averted a disaster through a lot of good fortune.”

The motive and…

Source…

Oldsmar tightens up security following water plant hack | North County

/in


OLDSMAR — The city of Oldsmar became world renowned for all the wrong reasons after the North Pinellas community’s water treatment plant suffered a software breach over Super Bowl weekend.

The Feb. 5 hack, which investigators said involved an unknown party accessing the facility’s computer system and altering the chemical composition of the water supply, received international attention and shined a spotlight on the shortcomings of a critical component of the nation’s infrastructure system.

Officials said the breach attempted to raise the level of sodium hydroxide, commonly known as lye, in the water supply to dangerous levels. It was spotted by a plant worker, who notified a supervisor who subsequently called the Pinellas County Sheriff’s Office, leading some to praise the alert employee.

“I commend the vigilance of the staff to catch something like that,” said Josiah Cox, president and founder of Central States Water Resources, which operates more than 250 water treatment plants in five midwestern states. “Small systems actually a lot of times are harder to run than larger systems just because you don’t have the redundancies and larger staffs and the same resources. So, the fact that they were paying that close attention to what was going on was really awesome and shows how much they care.”

While the worker’s quick actions drew praise, the reason behind the breach, reportedly attributed to a combination of outdated software and lax screen-sharing practices, earned criticism from all corners of the globe. It has forced Oldsmar officials to reassess and upgrade the security measures at the facility.

“We have addressed the cyber-related deficiencies that were reported in several FBI bulletins,” City Manager Al Braithwaite said during a Feb. 16 City Council meeting. “There will be enhancements that I will recommend to council that we will make as a result of the investigation to ensure optimal cyber-security for all of Oldsmar’s critical assets.”

Mayor Eric Seidel thanked Braithwaite, Assistant City Manager Felicia Donnelly and Public Works staff “for all the hard work and extra effort that has gone in after the…

Source…

After hack at Florida plant, local officials say layers of security keep water safe

/in


HOLLYWOOD, Fla. – A day after Pinellas County authorities reported a cyber intruder’s failed attempt to poison the water on Friday at a plant near Tampa, officials in Miami-Dade and Broward counties said water treatment plants in South Florida are safe.

A supervisor at the Oldsmar water plant reported witnessing when the hacker changed the sodium hydroxide settings and quickly fixed it. Authorities said there were other safeguards that would have caught the chemical change. The area was hosting the Super Bowl on Sunday.

The FBI was still investigating the breach of the remote-access system on Tuesday. A. Selcuk Uluagac leads Florida International University’s Cyber-Physical Systems Security Lab. He said other systems such as the smart grid, oil and gas plants, and transportation systems use similar technologies.

“These systems should not be directly connected to the internet and also they should be layered,” Uluagac said.

Ad

The Miami-Dade Water and Sewer Department produces 320 million gallons a day of drinking water and serves nearly 2.3 million residents and thousands of tourists. Jose Cueto, the interim director of the department, said the public needs to know it’s safe and reliable.

“At no point is our treatment process vulnerable to bad actors and those type of security threats,” Cueto said on Tuesday.

Lars Schmekel, Miami-Dade County’s chief information security officer, said the local Supervisory Control and Data Acquisition, a control system of software and hardware elements allow them to monitor the process.

“There are multiple levels of authentication,” Schmekel said.

In Broward County, there is a similar system of checks and balances. Joann Hussey, a spokeswoman for the city of Hollywood, said there is staff onsite around the clock, alarms that sound when things are off and only a small team is authorized to make adjustments.

Ad

“There is no automated way for those chemicals to be added into the system if a hacker was able to get into the system,” Hussey said. “Those chemicals are added manually.”

Alan Garcia, the director of the Broward County Water and Wastewater Services, said the public has absolutely nothing to worry about.

“We are…

Source…