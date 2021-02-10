



ST. PETERSBURG, Fla. (AP) A failed attempt by hackers to poison the water supply of a small town in Florida raises alarms over the vulnerability of the nation’s water supply systems to more intruder attacks sophisticated. Processing plants are typically cash-strapped and lack the cybersecurity depth of power grid and nuclear power plants.

The startling announcement from a local sheriff on Monday that the water supply to Oldsmar, a population of 15,000, was briefly threatened last week showed unusual transparency. Suspicious incidents are rarely reported and usually attributed to mechanical or procedural errors, experts say. No federal reporting requirements exist, and state and local rules vary widely.

“In the industry, we all expected this to happen. We have long known that municipal water services are grossly underfunded and underfunded, making them a prime target for cyber attacks, said Lesley Carhart, senior incident responder at Dragos Security, specializing in industrial control systems.

I deal with many municipal water utilities for small, medium and large cities. And in many cases, all of them have very small IT staff. Some of them don’t have dedicated security personnel at all, she said.

The country’s 151,000 public water networks do not have the financial fortification of companies that own nuclear power plants and electricity utilities. It is a heterogeneous patchwork, less uniform in terms of technology and security measures than in other rich countries.

As critical infrastructure computer networks become easier to access via the Internet and remote access escalates dramatically during the COVID-19 pandemic, security measures are often sacrificed.

It’s a difficult problem, but one that we have to start solving, ”said Joe Slowik, senior security researcher at DomainTools. He said the hacking illustrates “a systemic weakness in this industry.

Cyber ​​security experts said the attack on the factory 15 miles northwest of Tampa sounded awkward, it was so blatant: Anyone who violated the Oldsmars factory on Friday using an access program distance shared by workers at the plant briefly increased the amount of sodium hydroxide in lye by a factor of 100, according to Pinellas County Sheriff Bob Gualtieri. Lye is used to reduce acidity, but at high concentrations it is very caustic and can burn. It is found in pipe cleaning products.

The intruder timing and visibility seemed almost comical to cybersecurity experts. A supervisor monitoring a factory console around 1:30 p.m. saw a cursor move across the screen and change settings, Gualtieri said, and was able to immediately reverse it. The intruder got in and out in five minutes.

The public has never been in danger, although the intruder brought the sodium hydroxide to dangerous levels, the sheriff said. In addition, the plant’s safeguards would have detected the chemical weathering within 24 to 36 hours it would have taken to affect the water supply, he said.

Gualtieri said on Tuesday that the water is routed to holding tanks before it reaches customers and was reportedly captured by secondary chemical control. He was unsure whether the hacker was domestic or foreign and said no family member of a factory employee was suspected. He said the FBI and the Secret Service were helping with the investigation. It is not clear how the hacker entered, he said, although it is possible that the hacker was able to create administrator credentials.

Jake Williams, CEO of cybersecurity firm Rendition Infosec, said engineers had created safeguards “since before remote control via cybercrime became a thing, making it highly unlikely that the breach could have led to a cascade of blackouts marring Oldsmar’s water.

There has been an increase in attempts to hack water treatment plants over the past year, cybersecurity firm FireEye said, but most were novices, many stumbling across systems while using a computer. sort of search engine for industrial control systems called Shodan.

The serious threat comes from nation-state hackers like Russian agents accused of the months-long SolarWinds campaign that plagued U.S. agencies and the private sector for at least eight months and was discovered in December. While U.S. officials have called SolarWinds a serious threat, they also call it cyber espionage, rather than an attempt to do damage.

The laying of traps that could be triggered in armed conflict is another matter. Russian hackers are known to have infiltrated U.S. industrial control systems, including the power grid, and Iranian agents are accused of breaking a suburban New York roadblock in 2013. But there is no indication that logic bombs were activated, as Russia did in 2013. Ukraine, when military hackers briefly destroyed parts of the power grid in the winters of 2015 and 2016.

A 2020 article in the Journal of Environmental Engineering found that water utilities have been hacked by a variety of actors, including hobbyists who just rummage, disgruntled ex-employees, cybercriminals looking for profits and state sponsored hackers. Although these incidents were relatively few in number, this does not mean that the risk is low and that most water systems are secure. Indeed, the so-called air spaces between networks connected to the Internet and the systems that directly manage pumps and other plant components are less and less common.

The reality is that many cybersecurity incidents go undetected, and therefore go unreported or unreported, as it could compromise victims’ reputations, customer trust and, therefore, revenue, the report says. newspaper.

After Friday’s incident, Oldsmar officials disabled the remote access system and warned other city leaders in the area hosting the Super Bowl to check their systems.

In May, the Israeli cyber chief’s aid to the country thwarted a major cyberattack the previous month on its water systems, an attack largely attributed to Iran. If Israel hadn’t detected the attack in real time, it said chlorine or other chemicals could have entered the water, leading to a disastrous result.

The Biden administration has already signaled plans to beef up cybersecurity, an area its predecessor was bluntly accused of not taking seriously enough.

So far this year, the Department of Homeland Security has issued 25 notices listing various industrial control systems that may be vulnerable to hacking. The affected products range from 3D rendering software to security cameras and insulin pumps.

Chris Sistrunk, technical director of the Mandiant division of FireEye, said cybersecurity issues are relatively new to U.S. water utilities, the biggest problems of which are freezing and breaking pipes in winter or clogging with disposable wipes. The Oldsmar hack highlights the need for more training and basic security protocols, but not for drastic measures such as new regulations.

We have to do something, we can’t do anything. But we can’t overdo it, he said.

Bajak reported from Boston and Suderman from Richmond, Virginia. Matt O’Brien, AP technology writer, contributed from Providence, Rhode Island.

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos