Quote"The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million," Gualtieri said on Monday, during a briefing about the attack. "This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It's also used to control water acidity and remove metals from drinking water."
https://www.npr.org/2021/02/09/965791252/fbi-called-in-after-hacker-tries-to-poison-tampa-area-citys-water-with-lye
And that is why the US nuclear arsenal relied on eight-inch floppy disk from the 70's until 2019.
Critical industrial (or military) systems should never be connected directly to the internet
One of my best friends is IT admin for a large metropolitan water district. I wonder how his day is going?
>internet
Air gaps should be mandatory. Maybe this will wake us up.
>connected
"One way or the other, you pay for every convenience." --my mom
Hack of Florida town's water supply one in a growing number of attacks - U.S. - Stripes
https://www.stripes.com/news/us/hack-of-florida-town-s-water-supply-one-in-a-growing-number-of-attacks-1.661752
America's Drinking Water Is Surprisingly Easy to Poison — ProPublica
https://www.propublica.org/article/hacking-water-systems#1053129
Quote from: rcjordan on February 10, 2021, 03:36:51 PM
Air gaps should be mandatory.
This threw me, since we're talking about water supply. I was going to say that air gaps ARE mandatory now, but then I realized you were talking about wires rather than pipes.
As you may recall, I am on our local utility district advisory committee. We brought this up in our last meeting. The operator said we're safe from remote hacks - since we have crap for internet and all that, our chlorination is mechanical. Someone has to physically break into the building and turn the dial to change our chlorination levels. Of course, the building itself would be pretty easy to break into, so it could be done, but at the very least you can't do it from China or North Carolina or anywhere else nefarious hackers live.
>but at the very least you can't do it from China or North Carolina or anywhere else nefarious hackers live.
LOL!!
EPA mandates states report on cyber threats to water systems | AP News
https://apnews.com/article/epa-water-cyberattacks-cybersecurity-00649f918e2d9fff9d73152bc349e644
<warp>
https://www.courthousenews.com/epa-warns-of-increasing-cyberattacks-on-water-systems-urges-utilities-to-take-immediate-action/
EPA warns of increasing cyberattacks on water systems, urges utilities to take immediate action | Courthouse News Service
Debbie is shocked! "About 70% of utilities inspected by federal officials over the last year violated standards meant to prevent breaches or other intrusions, the agency said....
Some water systems are falling short in basic ways, the alert said, including failure to change default passwords or cut off system access to former employees."