When cybersecurity info sharing makes headlines
When the sheriff of Oldsmar, Fla., held a press conference to discuss a Feb. 5 hack into the water treatment facility that could have poisoned the city’s water supply, many cybersecurity experts stood up and took notice.
The intruder seemed to have breached the plant’s industrial controls via a remote desktop monitoring application and may have taken advantage other cybersecurity weaknesses, such as lax password security and use of an unsupported operating system. That access was used to change chemical controls to dump lye into the city’s drinking water.
On Feb. 11, the Cybersecurity and Infrastructure Security Agency, the FBI, the Environmental Protection Agency and the Multi-State Information Sharing and Analysis Center issued a joint advisory outlining how cyber criminals can gain unauthorized access to systems by exploiting desktop-sharing software and end-of-life operating systems, particularly Windows 7, and making recommendations for defending water and wastewater systems.
Despite the government response, the fact that the hack made headlines at all was itself newsworthy. security expert and blogger Brian Krebs said.
According to Krebs’ Feb. 10 KrebsOnSecurity blog, online forums are full of posts from security researchers describing how they accessed industrial control systems through vulnerabilities in human-machine interfaces.
Hackers see smaller municipal utilities as attractive targets. T ..
Support the originator by clicking the read the rest link below.
