What can Municipalities do to better protect water systems from hackers?
Recently, an unknown person violated the electronic systems of the drinking water treatment plant in Oldsmar, Florida (USA) and tried to poison the city's water supply by changing the levels of sodium hydroxide.
There are concerns about possible similar future cyberattacks against other poorly protected water treatment systems in small towns around the world and what can be done to prevent such attacks. attacks.
In the case of Florida, cybercriminals used remote access tools to invade and alter the levels of chemicals in the water supply, raising them to potentially dangerous levels.
This is worrying, among other things, because it is not a blind attack but a targeted attack that takes time to plan and implement. And while this incident was not an attack taking advantage of zero-day vulnerabilities, chances are someone had been eyeing the target for quite some time.
Future attacks against other Municipalities are expected. Most likely, another attack will be carried out with procedures applied to Ransomware type attacks.
So what can small towns do?
According to Cameron Camp, Ερευνητή σε θέματα Ασφαλείας στην ηγέτιδα εταιρία cyber securityς ESET, οι μικρές πόλεις θα πρέπει να αφιερώσουν χρόνο για να κατανοήσουν και να εφαρμόσουν τις οδηγίες που είναι ήδη διαθέσιμες, και οι οποίες μπορεί να είναι τόσο απλές όσο η προσθήκη ελέγχου ταυτότητας δύο παραγόντων (2FA), η ενημέρωση των συστημάτων, η εκπαίδευση του προσωπικού στις σωστές πρακτικές ασφαλείας, και η εφαρμογή σωστών διαδικασιών ελέγχου των αλλαγών (σύμφωνα με αναφορές των ΜΜΕ, το TeamViewer είχε αντικατασταθεί ως λύση απομακρυσμένης πρόσβασης στη συγκεκριμένη unit water treatment plant, nevertheless remained in operation, exposing the plant to the Internet through an unneeded interface).
The ESET researcher also suggests that small town water managers excercise for a hypothetical breach of their electronic systems and then seek the solution by trying to "think like hackers".
In fact, Cameron Camp is urging water utilities to conduct a simulation exercise in the event of a ransomware attack. That way, small towns will not have to explain to their citizens why they spent public money to stop an attack that could have been prevented from the start.
