Summary: A hacker’s attempt to inject lye into the city of Oldsmar’s water supply raises troubling questions about whether cities in the United States have appropriate security controls over their critical infrastructure. This article explores those issues and provides security guidance for other cities worried about possibly similar attacks.

The hacker took control of the water treatment system through TeamViewer, a remote access software that allows you to access your laptop while working from home. The attacker tried to increase the level of sodium hydroxide (also known as “lye”) to more than 100 times the normal levels. Fortunately, the operator noticed his mouse moving by itself and immediately intervened to bring the levels back to normal.

The City of Oldsmar has disabled the TeamViewer software now. They were using it to work remotely during the ongoing COVID-19 pandemic.

Ukraine faced a similar attack in 2016, reminding the world of the deep issues in industrial control system security. Such attacks have hit closer to home as well with the Illinois water pump system hacked [1] by Russian hackers in 2011. So, industrial control (IC) and supervisory control and data acquisition (SCADA) systems have been ripe hacker targets for a while now. And they’ve been equally ignored for a while.

- Oldsmar is about 15 miles northwest of Tampa, Florida. The attack took place a couple of days before a widely anticipated Super Bowl game in Tampa. This raises the question: Is there more than meets the eye here? Hackers are often known to “test the waters.” The timing and location of the attack seem a bit too coincidental.
- Industrial control plants like the one at Oldsmar are part of what is known as “operational technology.” These should ideally be segmented and segregated out from typical IT networks. The twain just met thanks to the TeamViewer software that was used. Whether or not this was rushed through due to COVID-19, were the risks of using this software considered? Were alternative solutions identified before going with a solution that has clearly failed in the past?
- Hackers use automated bots to scan for openings such as these. These bots pick up such openings within hours, if not minutes. When opening up ports for TeamViewer, were these risks considered? What were the mitigating controls put in place to counteract those risks? Was the remote access setup implemented in a secure manner?
- The Assistant City Manager at Oldsmar confirmed that the system did require a password. That would suggest that the password was compromised either because it was too weak or that it was given away in a phishing attack, or worse, a much larger city-wide IT infrastructure-based attack. Have these considerations been closely examined?

While Oldsmar officials haven’t provided further information yet, a State of Massachusetts advisory [2] goes into quite a significant amount of detail regarding the state of cybersecurity at the Oldsmar plant. Of note, that state advisory states (in italics):

- *All computers used by water plant personnel were connected to the SCADA system and used the 32-bit version of the Windows 7 operating system.* It is important to note that, as of mid-January 2020, Microsoft ended support for the Windows 7 operating system. So, computers at the Oldsmar plant were apparently running an operating system that was no longer receiving security updates, patches, or even technical support from Microsoft.
- *Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.* The TeamViewer password being used for remote access was essentially one password that was shared between employees.

Cities, counties, and local government organizations across the U.S. are standing and taking notice of the events at Oldsmar. Props to Oldsmar officials for openly providing a detailed account and also warning other government organizations in the process. But the smaller local government organizations have a much larger systemic problem at hand. These organizations are often running on thin budgets. Cybersecurity is one of many competing priorities, creating a problem that is only compounded by understaffing. As a result, there are serious cybersecurity vulnerabilities, oversights, and issues that are unaddressed at the root of a fast-growing weed. Now add to this the fact that these organizations need to run some of the most critical industrial plants. Plants that control some of the most life-critical aspects of cities, towns, and villages such as water, power, gas, and oil, among others.