A Blog by Jonathan Low

  

Apr 7, 2021

How Remote Access Endangers US Electric Grid, Reservoirs and Your House

Convenience and lower cost have been the dominant motivating principles behind greater digital access since the beginning of the internet age. 

But in an era of exponentially greater cybersecurity threats, those notions have to be re-examined. JL 

Sean Hollister reports in The Verge:

We’ve now had two instances where someone was able to remotely log into a municipal water supply in a way that could have harmed people. Municipalities left themselves wide open to tampering — they installed remote access software so employees could log in to monitor the systems! "Maybe remote access shouldn't be a feature of our nation's drinking water supply."

You would think that something as critical as a town or county’s drinking water supply would be well-protected — you know, like how America’s nuclear armament was isolated from the internet and even relied on eight-inch floppy disks until just recently? And yet we’ve now had two instances where someone was able to remotely log into a municipal water supply in a way that could have harmed people.

Remember the story of the Florida water treatment facility where someone was able to change the chemical levels? Something similar happened in March 2019 in Kansas’ Ellsworth County, too, where 22-year-old Wyatt Travnichek now stands accused of shutting down the region’s water cleaning system “with the intention of harming” it, according to a statement from the Department of Justice.

The wildest part is that in both cases, these municipalities left themselves wide open to tampering — they installed the remote access software themselves so employees could log in to monitor the systems! That’s what Travnichek was hired to do in Kansas, and authorities aren’t even accusing him of “hacking” the system in their indictment. He simply “logged in remotely” months after he left the job, began shutting things down, and is now facing up to 20 years in prison.

That sounds remarkably similar to what happened in Florida, where the water treatment plant never bothered to change the password or even remove an old piece of remote control software after they’d installed a newer one.

Maybe we should stop doing that. President Joe Biden is currently trying to push a $2 trillion infrastructure plan, including billions to deliver safe water and replace lead pipes, among other hazards. To keep the water safe, we also need to keep the water secure.

Cyberscoop spoke to a customer service rep at the Kansas water utility, who claimed the incident didn’t harm residents’ drinking water.

Save And Share : Tweet This ! Share On Facebook ! Share On Reddit ! Share On LinkedIn ! Share On Google Buzz ! Share On Digg ! Post To Blogger ! Share On Google Reader ! Google Bookmark ! Send An Email ! Blog Feed !

0 comments:

Post a Comment