http://www.breitbart.com/article.php?id=CNG.bb560ae65a071dc80a1c88fdc371ec35.d51&show_article=1
A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.















 

Wait ´till they sabotage the Aqueduct water lifts that supply to LA.

And New York.



 

So your saying we should encourage them?

I kid. Some crazy times ahead when one man in a dark room can kill thousands with a key stroke......

Funny - I don't recall seeing any news stores about that company being fined millions of dollars, or its executives being hauled before congress to explain why they didn't take security seriously. Must of had an Obama campaign contribution bundler on the board of directors...

"Not Terrorism"

Is an internet connection vital to the proper operation of the facility or others like it?

Seems like a simple fix from my perspective. No internet = no foreign script kiddies screwing up your day.

Isn't that the truth.  Had it been an electric utility you would have heard about it.  

Unfortunately this is starting to get easier for hackers versus what they did with Iran.  

Wonder who the manufacturer of the SCADA system was?  The manufacturers need to step up to help those that bought their systems.

I don't know anything about this place, but a lot of times it is.  Well, depending on your definition of the word "vital" anyway



Because the internet is in so many places, it has displaced private circuits in a lot of cases due to cost.  For a $50/month DSL connection and a <$1000 tunnelling router, a company can  have a "private" connection to a remote facility.  10 years ago, they'd have paid $1K/mo for a fractional T1 private leased line.



 

Well, let's talk about a "prepper's response".  While I have water stored, we're on municipal water for daily use and, if they weren't even aware they were hacked until pumps started turning on and off, could that allow contaminated/untreated water to hit the taps?  Would a standard commercial brand home filter like a Brita provide adequate protection from viral or bacterial contamination?  Is there a way to real-time check the levels of contaminants at the tap (or the main into the house)?  I can't exactly Big Berkey every drop we drink, wash dishes in and bathe with....

I program these kind of things for a living. I can tell you with some certainty that most places it is not real easy to do this kind of thing. You almost have to go to some effort to make it possible.

The description of what actually happened is so vague that it is impossible to even make an intelligent speculation about it.

One of the more disturbing things that goes on these days is that a fair amount of programming is being done in China, India, and even Russia. There is no way to validate the security measures in most cases when someone half way across the world has to have access to it. And many times people have so many passwords that they can't remember them so they create text files or spreadsheets with the lists of passwords in them, and often these files are stored on networks and computers that are not secure at all.

It is also common for user names and passwords to be the same for the same person on multiple networks and locations to make it easier.

Another issue is that it is quite common for people to share user accounts and passwords because it is so inconvenient to have unique user accounts and passwords for every user, especially when you have remote users in India that you don't even know are programming your system.

Some of these security issues just do not have very good answers to them.

A lot of companies are moving data storage and other applications to "cloud" or "systems as a service" vendors requiring the use of the internet. I would think, however, that it would be obvious that the digital controls for a water station should need to be isolated from external access. I would certainly hope that these systems aren't being monitored and controlled from someone working from home.

I'm not really up to date on IT (I don't even own a cell phone), but this seems obvious as the way it "should" be. It seems like the vulnerability of our infrastructure is appalling these days.

Hell, I'm getting so paranoid about the Chinese nowadays, I automatically thought it would be them making it look like it was someone else.

The Iranians subscribed to that philosophy - before Stuxnet...

Almost nobody is stupid enough to put SCADA boxes on the internet.  What happens is the home office is on the internet for email, EDI for purchasing, web access,  electronic payroll, etc  Then the engineers want real time access to data to do their jobs, support the techs, etc.  Then some guy in the plant figures out he can surt the web from the SCADA collector PC that feeds the engineers by install IE and typing in the proxy server.  Now you have two possable compimises.

I deal with this at work where we have the internet (with proxy servers and public facing websites), an admin network, and a mission critical network.  We really restrict what data can flow from one network to another.  We have maybe 100-200 guys who are devoted full time to "electronic" security.

Even so, we had one compromise where an employee hooked a internet connection to a mission critical PC and it was hacked, and quickly detected.  One issue is that you can't be too quick to contain something that looks suspicious on a critical network.