![]() And safety and security get more mixed in Spanish language as the noun is the same "seguridad". We speak of security when thinking about how to protect the infrastructure and its systems from non authorised users nor actions however we speak of safety about how to protect the population, environment or workers from incidents at infrastructures, both for system failures, bad maneuvers or even by security incidents.in this last point things tend to get mixed. Perhaps is good to remember the difference between Security and Safety to support the aim of this writing Let's say first that Oldsmar plant was hitted by cyberattack abusing remote desktop tool called "Teamviewer" that the plant had installed, normally for maintenance purposes, so that the attacker gained full access to manipulate the plant behaviour. That's what they have to do.After attack to Oldsmar water plant some people raised questions about why there were not safety systems to protect the process. "They're going to keep the process running, keep society running. If they don't have the resources to do that and do cybersecurity, what are they going to do?" she asks. "They're doing whatever they have to to keep water flowing and sewage treated. She says she has dealt with entire cities whose municipal water treatment plant has only a single IT person. Water treatment and sewage plants, Carhart says, are often some of the most digitally vulnerable critical infrastructure targets in the United States, made more so by the budget cuts and remote work scenarios imposed by the Covid-19 pandemic. And there's an even more direct precedent: In 2016, Verizon Security Solutions reported that hackers broke into an unidentified water utility and changed the chemical levels. ![]() On the other end of the sophistication spectrum, the Russian hacker group known as Sandworm in December 2015 hijacked a remote-access software similar to the TeamViewer program used in Oldmar to open circuit breakers in Ukrainian electric utilities, turning off the power to a quarter-million civilians. "Do those things have a measurable impact on the real world? Very rarely."Ĭarhart points to a comparable incident-albeit one carried out by an insider rather than an external attacker-when a disgruntled IT consultant for a sewage treatment plant in the Australian shire of Maroochy used his remote access to dump millions of gallons of raw sewage into local parks and rivers. ![]() "Do I think that on a regular basis people are logging in to HMI systems and hitting buttons? Absolutely," says Carhart. It's often only the complexity and safeguards in industrial control systems that prevent hacker meddling from having serious consequences. Thousands of such systems are discoverable over the internet with search tools like Shodan, she points out. She says she's seen incidents firsthand in which even unsophisticated hackers access software applications that offer control of physical equipment-such as the TeamViewer remote access tool reportedly used in Oldmar or the human-machine interfaces (HMIs) that directly control equipment-and start messing with them. Even if he hadn't, the poisoned water would have taken 24 to 36 hours to reach the city's population, and automated PH testing safeguards would have triggered an alarm and caught the change before anyone was harmed, they say.Īs unprecedented as Oldmar's public announcement of a cybersabotage attempt on its water systems may be, the attack it describes is hardly unique, says Lesley Carhart, a principal threat analyst at industrial control system security firm Dragos. At high levels, it severely damages any human tissue it touches.Īccording to city officials, the operator quickly spotted the intrusion and returned the sodium hydroxide to normal levels. In low concentrations the corrosive chemical regulates the PH level of potable water. Within seconds, the intruder was attempting to change the water supply's levels of sodium hydroxide, also known as lye or caustic soda, moving the setting from 100 parts per million to 11,100 parts per million. The cursor began clicking through the water treatment plant's controls. This time there would be no illusion of benign monitoring from a supervisor or IT person. Initially, he wasn't concerned the plant used the remote-access software TeamViewer to allow staff to share screens and troubleshoot IT issues, and his boss often connected to his computer to monitor the facility's systems.īut a few hours later, police say, the plant operator noticed his mouse moving out of his control again. Around 8 am on Friday morning, an employee of a water treatment plant in the 15,000-person city of Oldsmar, Florida, noticed that his mouse cursor was moving strangely on his computer screen, out of his control, as local police would later tell it.
0 Comments
Leave a Reply. |