“The problem is you can’t upgrade something like a water treatment plant as easily as an email system in a business because a water treatment plant has to be functioning all the time,” he said. Yet he acknowledged these tips were easier said than done and take time and money. Someone tried to poison a Florida city by hacking into the water treatment system, sheriff says
He was joined by Mayor Eric Seidel and City Manager Al Braithwaite. On Monday, February 8, 2021, Sheriff Bob Gualtieri gave a press conference surrounding the unlawful intrusion to the City of Oldsmar's water treatment system. He offered three recommendations for shoring up these systems: 1) no shared accounts 2) multi-factor authentication and 3) Virtual Private Network (VPN) technology so that the systems are not directly exposed to the Internet. “These systems were never designed for that purpose, and proper security was never put in place,” he said.ĭamon Small, who works with oil and gas companies with far-flung locations, said there are perfectly appropriate business reasons to set these systems up to work remotely. The pandemic has only sped up that process – but the heightened security needed with putting these systems online has not always followed. “You had to get past the guards with the guns, the fences, the video cameras, all the physical security measures in order to get access,” he explained.īut starting several years ago, many utility companies began putting their systems online to pave the way for remote work. And, in some cases, it has put previously secured work functions online, accessible to anyone with the right credentials.Įric Cole, a former CIA cybersecurity expert and author of the upcoming book “Cyber Crisis,” said that many critical infrastructure systems like water treatment plants were built as closed-loop systems and intentionally kept off the wider Internet. But it has also left workers more vulnerable to targeted attacks. The rise of remote work has provided flexibility for people to work without risking large gatherings of coworkers.
Martina Dier, a spokesperson for TeamViewer, said an investigation found no evidence of suspicious activity on its platform. All of the computers shared a single password to access an apparently disused version of the plant’s remote management software.Īccording to Pinellas County Sheriff Bob Gualtieri and a Massachusetts government advisory to public water suppliers, the hackers gained access to the water facility’s control systems through remote access software known as TeamViewer. Hacked Florida water plant reused passwords and had aging Windows installationsĪs CNN has reported, the treatment plant had used multiple computers running an aging version of Microsoft Windows to monitor the facility remotely.
0 kommentar(er)
