Dunedin is expected to complete a $32 million upgrade next month to its water treatment plant including new pumps, processes, software, “a total retrofit,” said Paul Stanek, Dunedin’s assistant public works and utilities director. Petersburg’s water utility and Tampa Bay Water completed a cybersecurity vulnerability assessment through the Department of Homeland Security within the past six months, and no vulnerabilities were found, Water Resources Director John Palenchar said. The system also does not use remote access, meaning employees have to be physically at the operations center to log on. The regional water system is on a private network, which makes it less susceptible to outside attacks. But other Tampa Bay-area water providers said they don’t have the same vulnerabilities that opened the door for the Oldsmar attack.Ĭhuck Carden, interim general manager of Tampa Bay Water, which supplies Pinellas, Hillsborough and Pasco counties, said the same breach would not be possible in Tampa Bay Water’s system because of strict safeguards. Oldsmar Mayor Eric Seidel said the investigating agencies had asked him to withhold further comment on the attack. While other utilities might not have the same issue as Oldsmar, security on a whole is something many water system managers are playing catch-up on. Oldsmar’s breach, experts say, is a symptom of a larger security issue within the critical infrastructure sector. White House Press Secretary Jen Psaki addressed it during a Tuesday news conference, saying that the Biden administration is “focused on elevating cybersecurity as a threat that has only increased over the past several years.” The incident also became a hot topic among the national cybersecurity community. įriday’s attack became public knowledge - and national news - on Monday. Officials said an attacker used a remote-access software to infiltrate the plant's computer system last week. Haddock Water Treatment Plant is seen Tuesday, Feb. This, in partnership with continued user education in being diligent and applying critical thinking analysis to system activity reports, is critical.The Bruce T. Humphries adds, "Working smarter with automation technologies in managing large volumes of data streams, analyzing them for anomalies and reporting risk in real time, is the only way forward for CNI protection. Relying on users alone for the protection of our CNI systems does not (and will not) scale." Any abnormality - regardless of how small - should be investigated, triaged and managed accordingly. We’ve got to ensure we’re monitoring OT systems far more diligently by capturing all viable log data in terms of access control, system settings and maintenance. Regardless of whether systems in operational technology (OT) environments are air-gapped or not, if there’s a digital route to the system, then it’s at risk. The need to understand and baseline normal in terms of critical asset/system access is absolutely key in protecting critical infrastructure. Sam Humphries, security strategist at Exabeam, says, “Critical national infrastructure (CNI) is at the top of the target list for adversaries, given the impact if successful - even in part. In fact, the 2020 Global State of Industrial Cybersecurity report found that 74% of IT security professionals are more concerned about a cyberattack on critical infrastructure than an enterprise data breach." When a cyberattack is attempted against critical infrastructures such as hospitals, electrical grids, or water systems, the potential repercussions can affect thousands of individuals like you and me. Others extract valuable PII to sell on the Dark Web, while others look to extort money due to ransomware. Some hackers simply aim to cause disruption. Michael Sena, executive director of the Northern California Regional Intelligence Center, confirmed NBC’s report about the security breach, but declined to say where it occurred or who carried it out.īill O’Neill, VP, public sector, ThycoticCentrify, explains, “The consequences of a data breach can vary greatly depending on the intention of the adversary. NBC News first reported Thursday that the unidentified criminal used a former plant employee's username and password to gain entry to the unidentified Bay Area water treatment facility on Jan.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |