Feds Investigating Water Utility Pump Failure As Possible Cyberattack 136
SpuriousLogic writes with this quote from CNN:
"Federal officials confirmed they are investigating whether a cyber attack may have been responsible for the failure of a water pump at a public water district in Illinois last week. But they cautioned that no conclusions had been reached, and they disputed one cyber security expert's statements that other utilities are vulnerable to a similar attack. Joe Weiss, a noted cyber security expert, disclosed the possible cyber attack on his blog Thursday. Weiss said he had obtained a state government report, dated Nov. 10 and titled 'Public Water District Cyber Intrusion,' which gave details of the alleged cyber attack culminating in the 'burn out of a water pump.' According to Weiss, the report says water district workers noted 'glitches' in the systems for about two months. On Nov. 8, a water district employee noticed problems with the industrial control systems, and a computer repair company checked logs and determined that the computer had been hacked. Weiss said the report says the cyber attacker hacked into the water utility using passwords stolen from a control system vendor and that he had stolen other user names and passwords."
Perhaps Not All Remote Management Worth The Risk (Score:5, Insightful)
In the battle of the sword and the shield, the sword eventually wins, but it takes a hell of a lot longer when the sword and shield are separated by the moat and a thick stone wall...
No Reason (Score:5, Insightful)
I can think of no reason facilities such as this should be accessible via a public network. You should have to be physically present to access these control systems.
Real Cause of Failure (Score:3, Insightful)
Der der der.
'Been in the water/SCADA industry for 10 years... (Score:5, Insightful)
I'm all for automation, and crying out when a system is in trouble. But I haven't yet seen where humanized remote control is critical. Hackers aside, it's probably better if it's not.