I’m really longing for the days when the hacker stories were just ransomware. As widely reported today, a water treatment plant in Florida was breached last week. The attacker, while a plant operator watched onscreen, began to adjust the sodium hydroxide levels… that’s lye, for those unfamiliar. The attacker adjusted them to a level 100 times normal, well into hazardous levels, but the operator was able to quickly fix it.
Tech details – an operator noticed that use of TeamViewer, which they used to “monitor the system”, started in the morning. TeamViewer itself has said they have no indication of a compromise and stand ready to help.
Operators noted there were other alarm systems which would fire and catch such a problem as well, and that the public was never in any danger.
This is not the first attack on water treatment plants, with the earliest in 2000 in Australia, as well as ones in Illinois in 2011 and a report by Verizon of a breach of a water company in 2016.
Why do we care?
One of my predictions for this year was criminal negligence charges against someone in IT services. It’s not hard to see why when I report on stories like this. These make you long for downtime as the consequence of a failure.
Some systems may need to be much more difficult to manage. There is a reason in movies why two individuals have to turn keys to set off the nuclear weapons. That’s to make doing it HARD.
Security IS a balance of risk, AND one of convenience. Support may be harder. That’s not necessarily a bad thing.
Source: Washington Post
Source: The Verge
Source: Bleeping Computer