Estimated reading time: 2 minutes, 1 second

Florida Water Hack May Hold National, Global Implications

As local authorities nationwide looked to shore up their cybersecurity in light of the hacking of a small-town Florida water treatment facility, officials on Capitol Hill heard suggestions that the attack may have originated overseas.

Chris Krebs, the former director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, told the House Homeland Security that the Oldsmar, Fla. hack was possibly the work of “an insider or a disgruntled employee.” As Fox News reports, Krebs said, “It is also possible that it was a foreign actor.”

Michael Daniel, the president & CEO of Cyber Threat Alliance, reportedly called for software upgrades to water facilities across the country. He told legislators, “Iran has shown itself very interested in water systems in other countries like Israel and even in the United States.”

The cyber attack took place two days before the Super Bowl. Oldsmar has a population of 15,000 and sits 12 miles from the Super Bowl stadium near Tampa. The hack boosted the percentage of lye until a plant supervisor spotted the digital intruder. Authorities said the breach lasted no more than five minutes.

Meanwhile, other U.S. water treatment facilities were left facing the challenge of how to be certain their systems were safe from another such attack. Damon Small, technical director of security consulting at NCC Group North America, told CNN that the hack underscores “the need for strong authentication when critical infrastructures are going to use these sorts of remote access systems.”

Eric Cole, a former CIA cybersecurity expert and author of the book Cyber Crisis, told CNN that while water treatment facilities have joined the online world in recent years to allow for remote work, appropriate security measures haven’t always followed. And Darron Small, who works with energy companies, noted that upgrading systems that need to be working all of the time, like water treatment, could be trickier than simply updating a business’s email network.

Water managers as far away as Utah were checking up on their systems in the wake of the incident, as KUTV in Salt Lake City reports. Zachary Renstrom, general manager of Utah’s Washington County Water Conservancy District, said, “Whenever I hear instances like this, it just sends a shiver to my spine.”

As CSHub reports, experts are recommending that water treatment facilities and similar networks shift away from TeamViewer, the third-party software compromised in the hack. Other suggestions include secure VPN and mandatory multi-factor authentication.

Read 1761 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.