Why Water Plants are So Vulnerable to Hackers

Sophisticated hackers who targeted the water treatment plant during the Super Bowl last weekend reportedly monitored the facility remotely, using an old version of Microsoft Windows and a password to access a disused version of the plant's remote management software. (Courtesy of Manuel Darío Fuentes Hernández from Pixabay)
February 10, 2021 – In Breaking News – Fortune

A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks by more sophisticated intruders.

Treatment plants are typically cash-strapped, and lack the cybersecurity depth of the power grid and nuclear plants.

A local sheriff’s startling announcement Monday that the water supply of Oldsmar, population 15,000, was briefly in jeopardy last week exhibited uncharacteristic transparency.

(Authorities in Florida said investigations were underway after a hacker attempted to poison the water supply to the city of Oldsmar on February 5. Courtesy of Bloomberg Quicktake: Now and YouTube. Posted on Feb 8, 2021.)

Suspicious incidents are rarely reported, and usually chalked up to mechanical or procedural errors, experts say.

No federal reporting requirement exists, and state and local rules vary widely.

Lesley Carhart, Principal Industrial Incident Responder at Dragos, Inc.

“In the industry, we were all expecting this to happen. We have known for a long time that municipal water utilities are extremely underfunded and under-resourced, and that makes them a soft target for cyber attacks,” said Lesley Carhart, principal incident responder at Dragos Security, which specializes in industrial control systems.

“I deal with a lot of municipal water utilities for small, medium and large-sized cities. And in a lot of cases, all of them have a very small IT staff. Some of them have no dedicated security staff at all,” she said.

The nation’s 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities.

They are a heterogeneous patchwork, less uniform in technology and security measures than in other rich countries.

As the computer networks of vital infrastructure become easier to reach via the internet — and with remote access multiplying dizzily during the COVID-19 pandemic — security measures often get sacrificed, which appeared to be the case at Oldsmar.
