Tag Archive for: Water

Local water authorities insist we’re secure from system hackers | News

/in


NORTH PORT — You wouldn’t think twice about sipping cool water from the kitchen tap.

That’s after local and federal authorities reported an attempt to contaminate Oldsmar’s water supply, Pinellas County Sheriff Bob Gualtieri said. A hacker accessed the city’s water treatment system and remotely increased the level of sodium hydroxide — lye — by a factor of more than 100. The chemical controls acidity. But it’s deadly when used in heavier concentrations, as in drain cleaners.

Fortunately a water plant supervisor saw the changing levels on his home computer and intervened. Officials in Oldsmar, just north of St. Petersburg, insisted that safeguards are in place and have disabled the remote-access system used in the attack. Federal and local authorities are investigating.

Southwest Florida water authorities Tuesday said such an attack on our drinking water is not likely here. That’s because remote access at treatment sites is either nonexistent or limited to select administrators, and not to outside vendors, as was suggested in the Oldsmar data breach, locals officials say.

The Peace River Manasota Regional Water Supply Authority treats and distributes more water than anyone in the area. Built next to its water source, the Peace River, the facility straddles Kings Highway in southern DeSoto County, a few miles north of Interstate 75. It sends out 30 million gallons of fresh water each day to most of Charlotte County, and is integrated with North Port and other neighboring utilities.

Its plant is essentially a fortress of guards, cameras, sensors and gates, but very little remote software, said Patrick Lehman, the authority’s executive director. While software and computers run the system, the devices are managed internally, not patched into outside platforms that can be easier to infiltrate, he said.

Like bank security? he was asked Tuesday.

“Like a prison,” he countered in offering a limited peek, as the authority’s security measures are private. “Totally manned 24/7.”

The authority has other safeguards in the event that elite hackers — or hurricanes — shut off power to treatment facilities, which in both instances are the…

Source…

Atlanta Water head orders security review of computer system after Florida hack

/in


Atlanta officials reviews city’s water security

The FBI is raising awareness nationwide after the water system in a Florida town suffered a cyberattack.

ATLANTASerious concerns are being raised across the country after a hacker gained control of a Florida city’s water processing plant. The Atlanta City Council took up the issue on Tuesday during their meeting.

The FBI, Secret Service, and various Florida law enforcement agencies are investigating the breach of the Oldsmar’s water system computer last Friday around 8 a.m. It lasted only 5 minutes, but the hacker was able to change the chemical formula to dangerous levels. The hacker pushed the sodium hydroxide mixture to a toxic level — from 100 ppm to 11,100 ppm.

A worker saw the manipulation and changed the chemicals back to normal.

Experts say the biggest threat if it wasn’t caught, would be to the skin.

Tuesday, Atlanta City Council Member Howard Shook asked tough questions of the Atlanta Watershed Management Commissioner Mikita Browning. Shook asked the water chief “what steps will you take to ensure our system is protected?”

Browning assured the city council every step necessary will be taken to protect the city’s water supply. She said she was aware of the intrusion into the Florida city’s computer water system and had already ordered a review of Atlanta’s security status.

A cybersecurity expert, Matthew Dunn, with Raxis, said water facilities have redundant tools to check the water quality before the water reaches your home. The plant in Oldsmar has a similar check.

Florida officials said the water plant’s system was connected to the internet to allow for legitimate, remote use. That system has since been disconnected.

Browning did not comment on if Atlanta’s system ties into the internet or to what degree.

WATCH: FOX 5 Atlanta live news coverage

_____

Sign up for FOX 5 email alerts

Download the FOX 5 Atlanta app for breaking news and weather alerts.

Source…

Hack exposes vulnerability of cash-strapped US water plants

/in


ST. PETERSBURG, Fla. (AP) — A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks by more sophisticated intruders. Treatment plants are typically cash-strapped, and lack the cybersecurity depth of the power grid and nuclear plants.

A local sheriff’s startling announcement Monday that the water supply of Oldsmar, population 15,000, was briefly in jeopardy last week exhibited uncharacteristic transparency. Suspicious incidents are rarely reported, and usually chalked up to mechanical or procedural errors, experts say. No federal reporting requirement exists, and state and local rules vary widely.

“In the industry, we were all expecting this to happen. We have known for a long time that municipal water utilities are extremely underfunded and under-resourced, and that makes them a soft target for cyber attacks,” said Lesley Carhart, principal incident responder at Dragos Security, which specializes in industrial control systems.

“I deal with a lot of municipal water utilities for small, medium and large-sized cities. And in a lot of cases, all of them have a very small IT staff. Some of them have no dedicated security staff at all,” she said.

The nation’s 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities. They are a heterogenous patchwork, less uniform in technology and security measures than in other rich countries.

As the computer networks of vital infrastructure become easier to reach via the internet — and with remote access multiplying dizzily during the COVID-19 pandemic — security measures often get sacrificed.

“It’s a hard problem, but one that we need to start addressing,” said Joe Slowik, senior security researcher at DomainTools. He said the hack illustrates “a systemic weakness in this sector.”

Cybersecurity experts said the attack at the plant 15 miles northwest of Tampa seemed ham-handed, it was so blatant: Whoever breached Oldsmar’s plant on Friday using a remote access program shared by plant workers briefly increased the amount of lye —…

Source…

Hacker tried to poison Florida city’s water supply — GCN

/in


water treatment plant (People Image Studio/Shutterstock.com)

Hacker tried to poison Florida city’s water supply

  • By Susan Miller
  • Feb 09, 2021

As an employee at a water treatment plant watched, a hacker took control of his computer and changed chemical controls to dump lye into the drinking water of Oldsmar, Fla., a city of 15,000 near Tampa.

At about 8 a.m. on Feb. 5, a worker at the Oldsmar water treatment plant noticed that his computer was being remotely accessed by TeamViewer, a popular desktop control application that allows IT staff and supervisors to monitor operations and troubleshoot enterprise computers in remote locations. The worker “didn’t think much of it,” Pinellas County Sheriff Bob Gualtieri said at a Feb. 8 news conference, because such remote access was not unusual.

The intruder returned later that same day, moving the employee’s mouse to open functions that control water treatment protocols, including one that adjusts the amount of sodium hydroxide, or lye, in the water. The hacker changed that level from about 100 parts per million to 11,100 parts per million, potentially endangering Oldsmar residents. Fortunately, the operator who was watching the intruder’s movements immediately reduced the chemical to the appropriate level and notified a supervisor.

Such attacks on utility control systems are not unusual, according to Lesley Carhart, a principal threat analyst at Dragos, an industrial control system security firm. Carhart told Wired that even unsophisticated hackers can find thousands of connected systems with tools like Shodan, a search engine that lets users find specific types of internet-connected devices.

According to Carhart, water treatment and sewage plants are vulnerable targets, especially during the pandemic when some workers are remote and IT staff are under-resourced. It’s usually the complexity and redundancies built into industrial control systems that prevent hackers from causing serious consequences, she said.

Oldsmar’s water treatment plant has several redundancies in place to catch unexpected changes.

“If you change the…

Source…