Commonwealth Fusion Center’s Massachusetts Cybersecurity Program (CFC-MCP) at 50.Local police department of jurisdiction.Joining the MA Water/Wastewater Agency Response Network (MA WARN) at:.WaterISAC’s 15 Cybersecurity Fundamentals:.EPA Cybersecurity Best Practices for the Water Sector:.EPA Water Sector Cybersecurity Sector Brief for States:.EPA Incident Action Checklist for Cybersecurity:.CISA Industrial Control Systems Advisories and Reports:.
CISA & NSA Alert on Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems ():.Cybersecurity and Infrastructure Security Agency (CISA) Cyber Security Evaluation Tool (CSET):.American Water Works Association (AWWA) Water Sector Cybersecurity Risk Management Tool, to be used in conjunction with AWWA Water Sector Cybersecurity Risk Management Guidance.
Please remain vigilant, and also be aware that there are many resources and contacts available to you before, during and after any cybersecurity attack. You can access the news reports and press conference through the links below to learn more about this specific event, which is currently an active investigation coordinated by the FBI with state and local authorities. This was quickly identified as an unauthorized intrusion by the system’s plant operator who took quick action to stop the threat before any public health and safety was compromised. Specifically, the malevolent actor attempted to increase sodium hydroxide dosages to very high levels. The most recent attack that you may have heard about occurred in Oldsmar, Florida, and involved targeting the chemical feed system. We will continue to monitor cybersecurity issues affecting the water sector and provide additional updates on the blog as warranted.Due to recent reports of cyber-attacks on the water sector, all utilities are advised to be on heightened alert and encouraged to actively monitor their computer systems for any unusual activity.
#Breached plant employees used same teamviewer software
The advisory also includes general recommendations and TeamViewer software recommendations.”įor additional insight on the continued use of the unsupported Windows 7 operating systems, please also see the recent Utility Dive article “ Florida water utility hack reveals thousands of organizations vulnerable to Window 7 exposure.” It observes that these types of controls can be of particular benefit to smaller systems, such as the one involved in the recent incident, which may have limited cybersecurity capabilities. As the advisory notes, these are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor. These threat overviews discuss how cyber actors have been observed exploiting these systems for malicious activities." "The advisory also includes a specific recommendations category for water and wastewater systems, which emphasizes the importance of installing independent cyber-physical safety systems. Based on these findings and observations from other activity, the advisory includes threat overviews for desktop sharing software and Windows 7 end of life. Thanks to proactive staff action and system safeguards which were in place, the threat was averted and the public was never put at risk.Īccording to the Association of California Water Agencies (ACWA): “The advisory states cyber actors likely accessed the system by exploiting cybersecurity weaknesses, such as an outdated operating system (Windows 7), and that it is possible a desktop sharing software (TeamViewer) may have been used to gain access to the system. On February 5 th, a hacker gained access to the plant and increased the sodium hydroxide (commonly known as lye) in the water to a dangerous level, altering it from 100 parts per million to 11,100 ppm. Cybersecurity & Infrastructure Agency and the Multi-State Information & Analysis Center, part of the nonprofit Center for Internet Security-comes on the heels of a cyberattack on the Oldsmar, Florida water treatment plant. The Advisory-jointly authored by the FBI, U.S. Following up on our December 2020 post regarding the SolarWinds cybersecurity breach, we wanted to provide a link to the Februjoint Cybersecurity Advisory issued by the federal government.
0 kommentar(er)
