Hackers Keep Targeting the US Water Supply

from Wired

IN LIGHT OF all the Facebook news lately—although frankly, when isn’t there any—you may finally be thinking about jumping ship. If so, here’s how to delete your Facebook account. You’re welcome.

That’s not all that happened this week, though! Google shed some new light on the Iranian hacking group known as APT35, or Charming Kitten, and how they use Telegram bots to let them know when a phishing lure has a nibble. Speaking of Telegram, a new report shows just how poor a job the messaging service has done keeping extremism off the platform.

There was good news for Cloudflare this week, as a judge ruled that the internet infrastructure company isn’t liable when one of its customers infringe copyright designs on their websites. And there was bad news for humanity, as the governor of Missouri has threatened repeatedly to sue a journalist for responsibly disclosing a security flaw on a state website that he uncovered.

More here.

Posted in Technology and tagged , , , .


  1. Our increased reliance on technology has helped with automation, it has increased safety by eliminating dangerous and redundant jobs, but the potential for errors and hacks in the critical systems that we rely on has opened up vulnerabilities that could potentially be deadly. The water supply systems in many cities are controlled and monitored through computer systems. This increases the convenience of managing the system, but it has also allowed many potential hacks. The attempt earlier this year in February where someone hacked into a water supply system in Florida and tried to increase the sodium hydroxide concentration could have dangerous consequences if it had not been prevented.
    The hack that occurred in Florida was not only a result of our increased reliance on technology, but also the failure of maintaining a secure system. This is not to say that secure systems that are following the most recent guidelines are not vulnerable to hacks, but it is a lot less likely that a computer system that is up to date and following the most recent safety guidelines will be the victim of a hack. The hack that was attempted on the water treatment plant in Oldsmar, Florida did not take advantage of a new or revolutionary exploit in the computer system. It was only made possible because the water treatment plant had poor password security and was using outdated computer systems which were vulnerable. If more stringent cyber security measures were in place at the facility, it is unlikely that the hack would have occurred and gone unnoticed for so long. This shows why it is so important that we make sure our critical infrastructure is using computers that are updated and making sure that they have strong cyber security measures in place. There is also the potential that disgruntled employees, such as the one at the Kansas water facility, decide to launch some kind of attack on the water supply. This shows the importance of making sure that all changes to critical infrastructure are monitored and seen by multiple people before it has a chance to affect anyone.
    As the world becomes more dependent on technology and computer systems, it is likely that there will need to be some kind of cybersecurity regulations that these facilities will need to follow in order to maintain the safety of all who depend on them. A mistreated water supply has the potential to be a devastating attack on thousands of people, but increased cybersecurity can prevent that from happening.

  2. Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, system, or personal files, and demands ransom payments in order to get the software back. This is the US newest worries as ransomware hackers are continuing to attack the US for money, they are more specifically attacking water and wastewater facilities. The FBI, Cybersecurity Infrastructure and Security Agency have highlighted five states from March 2019 to August 2021, where systems were targeted by either ransomware or other hacks. I find it very interesting how the US hasn’t boosted our cybersecurity systems in every aspect of their software. No matter what it is, if the government has control of it, then it is clearly something that is important. With one of the necessities of our lives having governmental control it is baffling that the software there could be outdated or unsupported operating systems or software. With cyber technology becoming more and more popular, people are starting to figure out how these machines work. Much like how the younger generations are becoming so good with iPads and using our iPhones to play games. While this is good for the advancement of this technology there are also a lot of desperate and evil people out there that are looking to use this technology to give them an advantage in their life. With all of this said, it needs to be on the top of the priority list that not only everything involved in the government, but every company has a strong and developed cybersecurity software to prevent cyber-attacks. This is an example of the importance of staying up to date with the times, because if you fall behind you will be used or taken advantage of. I enjoy watching this YouTube channel called PleasantGreen, where he explores how scammers and hackers from around the world use innocent people to get money. While this is a much smaller example of getting taken advantage of for not being up to date, I think it shows that people are always looking for places to get a step ahead of everyone else. With all of this said, the government needs to make boosting their cybersecurity everywhere or the US will continue to be targeted by Ransomware and hackers.

  3. America has already seen a considerable amount of dangerous ransomware attacks in the last few years. However, being that human beings need water more than any other resource other than oxygen to live, it is more important than any other thing in the world that we have clean water to survive. but it seems that if we do not step up our cyber security game comma that might not be the case. The fact that the Cyber-security and Infrastructure Security Association (CISA) cited weak passwords to the infrastructure of the water supply of certain areas of our country is very concerning. They also cited that some of their operating systems were unsupported, outdated, or just operated under vulnerable firmware. One would believe in this day and age every major government necessary service would have top notch digital infrastructure given that that infrastructure protects the health and safety of the citizens of the most powerful country in the history of the world. But then again, that would require us to think at the same time that governments have a tendency to operate public service effectively. If you think governments do run things effectively, please stop by the Department of Motor Vehicles in person next time you have to renew your license rather than online. You will see pretty quickly first-hand that the US government sucks at their job. With that being said, it is the government that will need to find a way to prevent hackers from breaking into American plants computer systems and temporarily changing a plant’s sodium hydroxide levels again. We need to get the right people in Washington that are non-partisan that can properly budget the right amount of spending so we can afford to fix the lack of effective Cyber-security in our governments computer systems. The future implication could extend further from our water systems as mentioned in the article, and oil pipelines that were apparently attacked by Russian goons who were paid off in Bitcoin that might have somehow been tracked by American intelligence. As our country could hopefully make progressive move to Universal healthcare, and a national clean energy, it will be do or die that our government run cyber security systems can do a more effective job at detouring hackers. It is very likely that in the near future all our important information, and all aspects of our tangible lives will be controlled by massive government data bases, and it’s our government’s job to adequately use our tax dollars to protect us.

  4. In today’s world technology is used for everything because it’s much more simple and less time-consuming to operate virtually than physically. Technology has done a good job of replacing various jobs considered dangerous to humans, but still has many flaws that could endanger a human being. After reading the article, “Hackers Keep Targeting the US Water Supply”, it is evident that companies should invest more in the cybersecurity of their systems especially when it can lead to the death of human beings. The computer systems for a Florida water supply company manage the number of chemicals that go into the water. A former employee intended to increase the amount of sodium hydroxide that goes into the city’s water supply. The company’s software vulnerability allows for it to be controlled remotely because the company doesn’t bother to update the software to almost lead to a devastating incident. Most recently a platform that I use, Twitch, was also hacked revealing sensitive information about streamers and their payouts from the company. I found out about this as it became the number one thing trending on Twitter in which the highlights included streamers expressing their anger on how a company like Twitch didn’t see this coming and how their data has been exposed. Companies don’t like taking responsibility for these types of hacks against them that lead to severe consequences like data breaches and what’s worse is that they let it build up before taking any immediate action to aid users. Aside from companies, a person should also worry about the technology used for online banking. It is a luxury to be able to do an electronic deposit, wire money, and complete authorization checks, but there have been many cases in which it has become a nightmare for the individual because hackers are able to bypass the firewall of security and drain their assets while. As technology continues to improve so will security, but unfortunately, hackers will also adapt and find new methods to target a person or company. It is important to always remain alert around technology and be up to date with the latest methods that could jeopardize your security.

  5. Today the average person can learn to hack a database or hack the database or substance easily and quickly. As seen a couple months ago the gasoline pipeline was hacked and up for ransom for a few million dollars. That created a huge inflation of gasoline prices and while in a pandemic where work and money is already scarce for many Americans, that had a terrible effect on the economy. Now in the news today, it is seen that the US water supply is under attack by the hackers that call themselves the “Charming Kitten”. The group of hackers use the technique of the most common way of retrieving information called “phishing” on messaging platforms to retrieve data they’re not supposed to obtain so easily. Hacking has become very influential and is very substantial to the point that you’re able to do something hard as in increasing the amount of sodium hydroxide in Florida’s water supply. Hacking can come in several forms even in peanut butter sandwiches, and packs of gum. Former Navy nuclear engineer offered up to $100,000 dollars in each cryptocurrency for each government document and sold them in very creative ways. I feel as though with the events of hacking happening right now in this very crucial time for Americans, where the economy is already bad, as a country we can’t afford another shortage. Shortages are already along the way in America starting from the inflation of food prices, gas prices, and many more supplies due to the shortage of staff in workforce and delay of supply ships. If the hackers keep approaching the most vital supply that effects the economy, it can hurt us more than we’re already hurt.

  6. I’m not particularly surprised that American infrastructure is technologically behind. Cyberattacks have always aimed to target weaker, more penetrable systems in order to avoid risk. With outdated protection or simply slower hardware, it becomes increasingly easy for hackers to target the flaws and issues within said systems. Without constant updating and maintenance, much of the IT infrastructure would constantly be under threat of hacking. The biggest concern is how this affects everyday people. Of course, any individual with an electronic device should constantly make sure to protect themselves from cyber attacks, although, these hacks are usually much less malicious than the larger scale ones. The attack on US infrastructure does spell trouble for the general public in a very different way. Unlike a hack on the CIA or FBI, or another intelligence agency, a direct attack on water/irrigation systems could have much more far reaching consequences. Increase of sickness from tap water, issues concerning waste disposal, to name a few. And while this on its own is already concerning, the potential for further harm in other systems is also present.
    The main reason why these hacks occurred was because the systems, especially the operating systems, are severely out of date, containing next to no anti-hacking protections that are up to date with modern digital infiltration methods. A nationwide effort needs to be made in order to amend these faulty and outdated systems if we hope to not avoid massive infrastructure shutdowns. The attack in Florida, where the sodium hydroxide levels of the drinking water were raised by a hacker, could have been much more devastating had it not been stopped by a plant worker. As these systems linger on, remaining un-updated and old, hackers will find more simple and safer ways to infiltrate them. To begin with, these systems should always only be accessible by qualified operators, and no one else, so the fact that there is this distinct lack of updated protection for a government facility is astonishing.
    Other than the federal and state government systems being faulty, more and more hacks seem to be occurring recently. The twitch hack was huge for the livestream community, showing private earnings information that was previously unavailable to the public. Cyber security concerns will most likely continue to grow as our technology progresses, so we must ensure, both as a society and as individuals, to maintain up to date systems and ensure our cyber safety.

  7. The mere ability for the technology required to manage our water systems being able to be hacked is embarassing. As noted in the article, the United States has experienced five of these cybersecurity breeches between March of 2019 and August of 2021 alone. These cybersecurity breeches are done through a hacker using randomwear to tamper with the water facility’s production. One example of this was noted in the article when a hacker adjusted the levels of sodium hydroxide in the treated water. Due to the immense volume of hacks, one would wonder: how is it so easy to hack these water-treatment facilities? The facts point to the lack of updated technology in these facilities; they are using outdated computers to run the place. For such an important job, it would make sense for highly secure and modern tech to be used, but in this case, it is the opposite. Just think of how many people’s lives these water plants affect on a daily basis; it is astronomical. I believe a solution to this problem would simply be to update all of the technology in the plants, as well as make it a more cyber-secure environment. In addition, it would make sense to increase the penalties for those found guilty of hacking the water plants, in order to scare some hackers off.

  8. The fact that there are hackers that are even able to tap into our water supply is extremely alarming. And also learning that the United States is having trouble and technological inefficiency is worrying, as it should be for citizens. There have been five security breaches within a short time span, this shows that our water plants are facing deficiencies.

    With issues like climate change, we already know that in the future if there is little to no action taken, then we fill be facing consequences especially in terms of vital resources and if hackers are able to gain access to water plants that can create many issues for civilians. There’s already water shortages across the globe, does that mean if one starts to happen in the US, hackers can easily manipulate how we operate our supply?

    We often hear many times that the FBI and the CIA’s work is very efficient, yet the fact that they are not able to fix this issue right away shows an embarrassment on behalf of the United States.

    Another issue in terms of our demand needed from Taiwan, with pressure from China can also lead to a specific shortage with our needs. Much of the world already claims Taiwan to be apart of China due to China’s claim over Taiwan. The Unites States already has their military there and no it is evident why as things come to light. The United States needs to reform it’s cybersecurity and establish an efficient method to acquire there needs as well a protection from hackers and anything that threatens our democracy.

  9. We have focused so much on getting more power that we forgot to defend ourselves. Hacking has been a threat for a significant time, and it has already played a more significant role than most people may think. Over the last ten years, Israel has hacked various times Iranian nuclear centers, and those cyber attacks have saved Israel from an Iranian atomic bomb. So why hasn’t America done its work with cybersecurity? We can not allow people to mess with our resources; we have the money, the power, and the technology; why aren’t we applying it in our resources? Is it maybe because most of our congress does not even know basic technology things and we expect them to know what a computer virus is? Let’s remember that it is not the strongest who survives, the one who adapts better. It is time for us to use all the talented people we have in this country to protect it. This time it was against water in Florida, and it should be enough for our government to start acting. I am extremely worried about our government; this is not about Trump or Biden is that we are vulnerable to attacks like the one in Florida, and the government could not care less. We have to demand cybersecurity for our resources; there can be millions of deaths if we don’t acknowledge that guns aren’t the only way they can attack us.

  10. It is quite interesting to see how the impact relying on technology can have on something as necessary as water supply. In the article, they state that with the outdated versions of the IT hackers were able to access it and cause so many issues due to the slight anomaly there was within the system. And nowadays with just a little bit of research one can easily learn how to hack into a system and do ransomware quickly in the blink of an eye. However, it is a bit interesting to me that American infrastructure is not much better or secure when it comes to these types of systems. Because a bigger threat can impose on these types of hacks, privacy. If the hackers really wanted or knew how to do it they could easily track all the data of that water supply and track more data from other people that might be using the same network as that system. This brings into question are the people within the same vicinity as that water supply IT system are susceptible to hacking as well if their network isn’t secure. Hypothetically speaking, if a hacker is able to hack into the network of a person’s internet then their information is open to the hacker which is a great violation of privacy and security. Because not only do they know one’s private information but they are free to do what they want to do with that information as long as the person isn’t aware. Furthermore, what the hackers did, in this case, was to raise the amount of sodium hydroxide in the water. This is another ethical issue that can happen because if someone were to consume a lot of this contaminated water then it could cause serious issues to the individual. Then the person also has the chance of suing the company for putting their health and others in danger and the ecosystem’s as well. And it all just turns into a domino effect one issue causing another issue that is much worse. And really a simple resolution could be to invest in better software or purchase a specific network for that IT system or simply just update the entire system if possible to avoid these situations to happen again in the future. It is important to implement this as soon as possible as well considering how technology keeps advancing and becoming a full-on necessity in our lives now.

  11. Living in the technology era definitely has its benefits. Things that used to take copious amounts of effort and time are made easy and fast with the technology of our day. Only 50 years ago, if you wanted to find information on something, you would have to go to the library and scour through a book to find it. Nowadays, we have search engines like Google and Bing that allow us instant access to information. And soon enough, we’ll see a breakthrough in self-driving vehicles, artificial intelligence, and even space travel. There are numerous examples of how technology has helped the advancement of civilization, but something we did not foresee in that effort for advancement is the potential problems that could come from it. Since the beginning of time, people have been consumed by greed, which has led to the act of scamming others. The outdated scams such as the Ponzi Scheme seem laughable by today’s standards, however, the people of the day were easily fooled because such things did not exist to have hindsight of. In today’s modern world, people like Charles Ponzi still exist, but they have adapted to the changing times. With the introduction of the internet into basically every household, scammers and hackers have found very innovative ways to take advantage of innocent people. One such example from the early internet is the Nigerian Prince Scam, where you would receive an email from a “Nigerian Prince” stating that he wishes to send you sums of over $1 million if you send him a mere $500 for a “transaction fee”. Seems like a good deal, you spend $500 to make millions. But sadly, there was never a chance you were going to get millions of dollars after you sent the $500. This scam – although only 10 to 15 years old – became outdated very quickly after it hit the internet. As technology grows, there is always going to be someone trying to take advantage of these changes to benefit themselves, even if it screws other people over. This is exactly what we are seeing now with the new Bitcoin scams and account hacking all over the internet. Unlike the old scams, it doesn’t seem like there is much action you can take if you get scammed or hacked on the internet today. While computer technology advances at such an incredible pace, the laws that regulate that technology tend to lag behind. Many of these situations are not even on the government’s law-making radar when they happen, and it can be years later before these situations are addressed. Who would you even sue for hacking into the water supply in Oldsmar, Florida that happened recently? The anonymity of the hackers makes it almost impossible to take any action against the perpetrators. This is why we need to increase security measures in facilities like this. If there had not been someone there to report the sodium hydroxide levels being changed, upwards of 15,000 people could have died from this attack. As much as I love the internet, I can say for certainty that it scares me.

  12. In today’s technologically advanced society, people are very dependent on the Internet. Technology helps to achieve automation and improves work efficiency. However, the network that people rely on has potential crises. Hackers have found fatal loopholes, and hacker attacks have become A threat in our lives. In order to manage the city’s water supply system more conveniently, most cities control and monitor the city’s water supply system through a network system; therefore, hackers have found potential loopholes, and hacker attacks have dangerous consequences. With the continuous improvement of technology, network security will continue to improve, but hackers’ attacks are also more destructive, and they will find new ways to attack network security. It is important to be vigilant about the network and find new ways to deal with hacker attacks.

  13. In this article, it discusses how a cybersecurity advisory was sent out about multiple states being attacked by hackers. One of the incidents involved a hacker changing the number of chemicals in a water treatment facility. This put the water supply in an unusable state because it would be dangerous to consume. The interference with a vital resource for human survival is very concerning. The fact that people were able to gain access to such a necessary resource means that they can probably do the same for things like food, electricity, and other resources that we rely on in our society.
    Cybersecurity needs to be a priority for our country to focus on as technology is growing and becoming an inescapable aspect of everyone’s lives. If security is not held to a very high standard, more attacks can be made to similar places and may not easily be undone. In my opinion, war is becoming more online than in person as people are constantly fighting for who has the best resources and who can find out the most information about their enemies. If our enemies were to get wind that an important resource is vulnerable to attack, I believe they will try to hack it to make us weaker in the long run.
    In one of the other classes I am currently taking we discuss technology and how its growth affects our world and the business sector. Cybersecurity is a huge issue that we discuss in the course. How it affects society, the business world, and consumers’ personal lives is an important subject of study especially since technology is continuously growing in our world. I personally worry about my own cybersecurity every day. We use our smart devices all day and some people even have smart homes, cars, and clothes. I always try my best to stay away from Alexa devices and keep smart home devices at a minimum. However, doing these things will not keep you completely off the grid because your data is constantly being collected on websites and other online platforms. We learned in class that platforms like Google Drive are only free because we pay for them with our data. Our movements and tendencies are constantly being collected while we use those platforms. Being newly aware of information like this brings a new level of concern to my already weary thoughts about cybersecurity. Hackers could find any of your information at any point because they are stored together in various places for companies to access.

  14. Many countries around the world rely on technology for many different tasks. In some aspects, technology is great because it improves the efficiency of society. Technology has done such a great job at making people’s lives so much easier that many people do not even realize they are dependent on technology. Even if they do realize, I truly believe they do not fully understand the severity of how dependent the world is on technology. The world being dependent on technology has a huge list of pros and cons, but one of the most important cons is technology security. Yes, technology is wonderful, but technology can end becoming useless and dangerous when other people decide to hack technology. Cyber security is always going to be a big issue for technology because it does not matter if everyone has the most up-to-date devices. Every single device or piece of electrical technology has the potential to be hacked. Older devices are more vulnerable to hacking, so the best way to defend against hacking is to have newer technologies with high-end security. The article about people or groups hacking U.S. water supplies demonstrates American dependence on technology. The article talks about how there have been multiple hacking attacks against water supplies in several states such as Kansas, Maine, California, Nevada, New Jersey, and Florida. In some cases, the hacks were performed by unknown people looking to do harm. Another case involved an intruder who broke into a water facility where he played with the chemical levels to make sure the water was deadly to drink. Thankfully, a facility worker reversed the chemical changes before the water was unsafe to drink.

    This article is important to everyone who lives in the United States because if there are no significant changes in security then the whole country is at risk. Important facilities like water supply facilities should have solid building security and great cybersecurity. If not, the whole U.S. is at risk because it could potentially be very dangerous and deadly. People in society could very well end up drinking deadly water from mainstream public water lines. Therefore, it should not be too easy for an intruder to break into a water plant and alter chemical levels. Secondly, hackers should also not be able to easily hack into water plant operating systems. There is always going to be a hacking possibility, but water plants should have up-to-date operating systems to minimize the chances of being hacked. The article noted explain how the Cybersecurity and Infrastructure Agency noted poor password security and outdated operating systems were a part of the hacking occurrence in Florida. Poor password security and old operating systems should be unacceptable for the infrastructure of high importance. In my opinion, I believe government agencies should have legal restrictions and guidelines where important infrastructures are required to have good building security, great password security, and updated operating systems to help prevent hacking occurrences

  15. I believe this article made a lot of good points, especially in regards to the huge issues that can occur when these cyber attacks occur. These cyber-attacks can be very bad for many facilities, but it seems many facilities are still having this issue as time goes on, which begs the question of how is this still relevant and occurring as it seems to become more common and the weeks go by. Furthermore, there is also the very relevant subject of how the water industry and operators specifically can be affected by an attack on them. For many, the issue could cause their operations to either be halted or even contaminated due to the type of attack and what is done to the water/companies’ systems. For example, the article mentions the chloride level being raised in one attack, which would have caused irreversible damage to that water if not caught in enough time. By having the contaminated water, you’d then have to throw away that water due to not being able to use it, which then can be described as a supply chain issue for whoever their customers are. Therefore, these issues and attacks can be centrally related to causing supply chain issues where the demand still constantly exists for this commodity.

    Consumers as a whole are only worried about their water and ensuring it is not messed with or affected when trying to access it. Although, the issue that is really important here is the fact that many companies dealing with water and other subject areas are very vulnerable to attacks. The issue stands that something needs to change or this issue will continue to happen. One possible solution that sounds like a no-brainer is companies simply better protect themselves. Although, it seems many are not going that route. When analyzing the situation, it seems many are either unprepared to deal with this issue or simply do not care. Some may argue that this issue can wait since not everyone is affected, but that also allows the threats and possibilities to grow and linger by not solving the issue effectively and swiftly. Many of these facilities are not up to date with their systems, therefore, the issue just stems from using outdated systems or even practices, but why not update these systems? Therefore, the issue truly arises from whether these companies can afford to sustain themselves through this change/updating while keeping costs low, while also producing the water with no issues.

  16. Society’s shift towards the digital age has brought about various improvements and means of improving efficiency that many may have never considered possible. Such advancements will only fuel society’s natural progression towards integrating technology into any process possible. Yet, these opportunities enjoyed by society bring about equal opportunities for hackers and other malicious individuals to take advantage of technology. Such is the case in the recurring incidents revolving around water supply facilities being hacked. Those who manage to obtain enough knowledge about the IT infrastructure of such facilities are able to remotely access controls and potentially compromise the safety of the water supply of entire cities. This presents a strong example of the broad damage a malicious individual can do to a community through exploiting technology.

    Perhaps one of the most striking developments noted by the article is that many treatment plants pay little regard to the security and integrity of their IT infrastructure. This expresses great ignorance towards the realities of the digital age and a society fueled by technology. Hackers will generally aim to exploit any form of vulnerable systems or infrastructure that they can. Failing to establish proper security for technology-based infrastructure simply makes an organization a more appealing target for hackers. As the article notes, water supply facilities are essential for various communities, and ransomware attackers can capitalize on their essential status to take advantage of them. Such concerns have clearly manifested into reality, as evidenced by these cybersecurity incidents being recurring. As these incidents occur more and more without effective action being taken, more hackers will be alerted to the vulnerable state of these IT infrastructures and attempt to exploit them. This speaks to the necessity of proper cybersecurity measures, especially when entire communities can be placed at direct risk by a single individual. In many of the incidents cited by the article, it appears as though several of these facilities have failed to take even the most basic of cybersecurity measures. The incident in Oldmars, Florida was enabled primarily on account of weak password security and a failure to keep the operating system up to date. Another incident in Kansas occurred because a former employee was still able to use their user credentials to access a facility computer remotely. Relatively minimal effort would have been required to prevent these situations, yet entire communities were placed at great risk as a result. It is clear that many organizations may need to be educated towards both the importance of maintaining the cybersecurity and how to do so.

  17. Not long ago, protecting critical infrastructure was a purely physical affair: thick walls, high fences, and sometimes armed personnel were key to protecting our energy, transportation, and water infrastructure from potential threats. This status quo persisted for a surprisingly long time, even as almost every other aspect of our lives became increasingly digitized. Most industries have fully embraced digital transformation in recent years, and the business world has become dependent on a highly complex web of interconnected technologies. Our personal lives have also been shaped by digital technology, which has become the de facto standard for everything from paying bills to monitoring our health. But as the digital age has progressed, the industrial control systems that underpin our critical infrastructure have remained largely isolated from the Internet, and the security perimeter has long been almost entirely physical. The digital transformation has now also reached our critical infrastructure. This digitalization brings with it several advantages, such as remote servicing. But in addition to all the benefits, this progress also brings many risks. Our (critical) infrastructure must now increasingly prepare for potentially catastrophic threats that go far beyond the scope of security fences and armed guards to defend against. With increased connectivity, the risks naturally increase – and critical infrastructure operators are no exception. However, the impact of a hacking attack on infrastructure is far greater than in almost any other sector. While a breach suffered by a retailer affects its bottom line and exposes its customers to increased risk of fraud, a successful attack on critical infrastructure at the national level can have much more tangible and far-reaching effects – and potentially even endanger lives. One of the biggest challenges in cybersecurity is embracing the unknown. While security teams and solutions can quickly adapt to newly discovered vulnerabilities, malware, and techniques, it is difficult to prepare for previously unknown threats. Unfortunately, we have to assume that unknown malware is already literally lying dormant in many industrial systems, just waiting for instructions to strike when the time is right. As with traditional weapons, cyber-attack tools can have a deterrent effect if they are in the wrong hands. Unlike conventional warfare, however, serious cyber-attacks can be organized by individual people with comparatively few resources. This raises the level of uncertainty in the face of such attacks to a much higher level.

  18. When I first clicked on this article I wondered what the context for hacking into US water supply even was. I briefly thought this meant outside countries were trying to access where water supply was or how easily it gets distributed (perhaps a possible attack on breaking a system). I was shocked to learn this hacking ability can go so far as to alter the amount of chemicals in water supply facilities that could poison a population. I was not surprised that current technology makes this capable, but rather that it is being done. Like any situation where someone openly seeks to harm others, there is always the question, why? The article continued to push into different past hacks of numerous sorts. Hacks like the major one that occurred recently on the streaming site, Twitch. I feel hacking comes from a few different sources of motive. These include: need/want for data or information, sabotage for outside gain, complete sport, and most popular-money. Overall, I think every hacking success includes all four in different ways. While continuing to read the article I began to question, what even classifies a hack? The article features a brief anecdote explaining an instance where a US nuclear engineer proceeded to give foreign countries confidential information in concealed forms- like food. Is this considered hacking? According to the Oxford Dictionary, hacking is “the gaining of unauthorized access to data in a system or computer.” Stereotypically, hacking is commonly imagined as someone in a dark room with an array of computers that is trying to access a system online from an inside source. The definition in this context however, challenges me to look at the entire idea of hacking as more than just technological sabotage. In this instance couldn’t hacking also be considered the giving of confidential information? Or is this example of the engineer a case where he is simply the accomplice to hacking, and not the hacker himself. This different outlook would change how hacking relates to law and how cases present themselves. The Department of Justice sued the engineer for “dead drops” of information. The level of accomplice or leader could change the extreme of punishment. I find this interesting to consider.

  19. This article was very interesting and brought a lot of new information to me that I had not known. As an everyday citizen, there is a lot that I am sure we do not know happens behind the scenes. For example how someone tried to hack into the Florida water supply and attempt to poison it. It is malicious events like this that are fortunately resolved or more hopefully prevented right from the start. It is truly fascinating and unfortunately frightening how harmful advances in technology can be. As technology advances this gives hackers a better chance of hacking into this water supply. It also expressed in the article how hackers CONTINUE to hit US water and wastewater supply facilities. Key word is continue. The fact that this keeps happening is concerning. The fact that the security admitted to weak passwords along with weak security shows that we as whole are not ready for more of these attacks. Who says that this couldn’t happen to my state let alone my town and directly affect me one day. Water is something every human needs to survive and this source should be protected from people with bad intentions. Security used to protect this source should be increased and updated judging that hackers were able to break through multiple times. Do not even get me started on how this could affect other things. It makes you wonder about us as citizens and we hope that our security. Our defense systems are brought into question and makes me nervous on if someone was able to hack into a water supply, how easy would it be to do other things such as hack into personal information. This water supply was not the only thing hacked recently. Other things which were hacked included various websites and social media such as instagram, facebook, snapchat, and twitch. Everyone knew about those though because most people have at least one of those digital apps. This is an example of hackers directly affecting our lives. While loosing instagram for a day isn’t too big of a deal, it is not so much the magnitude but more so of the principal that we are vulnerable. Cyber security and defense technology needs to be upgraded and invested heavily into in order to prevent more cyber attacks like the ones listed above. Our safety needs to come first, so that is why the money we pay in taxes should be put towards that and we can truly be protected.

  20. This specific Florida city water supply software attack raises a lot of alarming issues. It’s not like the hackers were just playing around with the water pressure, they were actually changing the chemical ratio of the water. This increase in sodium hydroxide in the water supply makes the water unsafe to drink and basically poisons anyone who drinks it. This allows these hackers to take out a large group of individuals at a time with almost no effort. They are able to kill hundreds, if not thousands, of people by sitting behind a computer screen like I am now. Controlling a water facility remotely is a convenient and more efficient technological advancement, however, like anything that is software based, it has its drawbacks. Even though something that needs to be physically turned or pulled to operate is not as precise or easy as something that is computer operated, it has way less of a chance of being hacked or tampered with. While updating the software on the remote systems of these water plants will definitely make them less open to attacks, it is not an instant fix. These updates are constantly trying to patch the previous holes, as well as protect themselves from future ones, however, they could only look into the future so far. In a technological field these hackers and viruses are advancing at an unimaginable rate that no one or thing is ever fully protected online. I think it would be more beneficial to these water supply facilities if they had IT workers always monitoring and filtering the software for potential threats and criminals on top of the increased funding and updates in this remote area. Having actual people on stand-by allows them to catch things that the computer may not.

  21. In this day in age technology is relied on very heavily for many countries in the world to complete tasks daily. Technology improves the efficiency of society and businesses through different ways. People have had to depend on technology now adays as it takes up so much of our lives sometimes, we do not realize how much we rely on it. As technology advances over the next ten years, I believe that the world will be fully dependent on technology which can be a good and bad thing. Working in a company that is starting to use self-checkout in their stores (Wawa) it is great when technology works but when it does not there are a lot of complaints thrown my way. This article points out the cons that technology poses to humans specifically Americans. Cyber security is always going to be a big problem to technology as it is the first and last line of defense for everyone who uses technology. It is safer to have the most up to date piece of tech but eventually there will be a time when these devices will get hacked into and a code will be broken. The older devices will be more prone to hackers are the coding they used for those devices are easier to get into. This article goes over the hacks that were against the American water supplies in certain states such as Kansa, Maine, California, Nevada, New Jersey, and Florida. This proves that we need to strengthen our cyber security as no one should be messing around with our water supply to help humans live as certain states like California was low on water just a couple years ago. This becomes very dangerous as people living in another country thousands of miles away can make water undrinkable. The codes that are made up in the devices to control the water need to have a closed circuit that can only be accessed by on site personnel.
    As a consumer I am only concerned with the how my drinking water is and that it is not being affected when I must access it to get a glass of water or take a shower. This is not the only issue consumers should be worried about as it should be evident cyber security and their devices are at the top of the list. If hackers can into very secure systems that means people can hack into laptops and phones with ease taking personal data like it is nothing. One thing company should do to protect their reliability through consumers eyes is to take more measures to better protect their software and create more coding or more fire walls. The article explains how the cyber security and infrastructure agency recognized poor password security and outdated operating systems were a part of the hacking in Florida. I believe this is a key to hacking are companies without strong passwords and security to protect those passwords are vulnerable. I think for government agencies should create legal guideline on how to create a strong password and store it in safe places.

  22. Technology throughout the years has been increasingly been getting more advanced for the purpose of making sure the Intel and databases are staying up to date. I question why the systems of the water treatment plants have been outdated so long for it to open up the system to attack from hackers looking to do damage to the American people for the purpose of just pure harm. Water is a vital thing humans need to live and I’m having trouble understanding why the water treatment plants are on such a low priority to the updating of systems, which I can understand to a certain point because no one thinks people wanting to do harm would try and take control of a water treatment plan, but that is exactly why those hackers did it. The hackers that broke into the data of the water treatment plant trying to control it knew there was reduced security on the main frames and technological resources which would make it easy to access, but also be able to do a lot of damage. I personally think this should never had been a problem as long as we would’ve kept up with the regular maintenance at the water treatment plan, but why was the updating of the plant put off so long when the poisoning of the water was an even possible risk. The problem of this almost disaster is that it could’ve been prevented by the simple upgrades of the water treatment plant, but I don’t know the situation and the treatment plant could’ve been asking for the much needed updates in their technology, but the funding could’ve been denied from lack of funding or higher ups didn’t think it was an important thing to direct their money to. Its crazy to think the huge impact those hackers could’ve had on innocent people if the changes were not spotted, but its also important to think about what things could possibly happen, no matter the likeliness of the act, which this situation proves that people trying to hurt others will go to many different lengths to try and mess things up. The internet will continue to improve and change in many different ways, but its important to keep all important utilities up to date even when it might not seem important to throw money at, it could have a long lasting affect when it comes to the lively hood of American citizens.

  23. After reading this article I managed to connect it with another news item I read recently. The news I read is about penetration testing. This system consists in behaving like an attacker, doing the same as a hacker would do. You analyze where it could be easier to attack, define what is worthwhile and what could be the objective: attacking the financial system of an entity, the health department, a supercomputer, or stealing scientific and social information? Then a vulnerability reconnaissance is performed to define where the cybersecurity holes are. If you discover them, you have to fix them. Obviously, you don’t want anyone to see them. You have to plug them so no one can get through. If a supercomputer falls into the hands of malicious actors, they are a very large processing power machine. It would serve as a weapon to attack the rest of the world. We’re talking about 2,000-processor machines, like having 2,000 computers working together. A lot of power to attack. It’s like having a network of computers around many different locations that have been infected and are controlled remotely from a single site. You have to infect a lot of computers to have the attack power to tell you to attack a power grid, for example. But if you have that power concentrated in one place and you hack it, you’ve got it. It is really very difficult to imagine how serious the attacks could be as everything is so interconnected. One of the biggest fears is critical infrastructures because an attack on them would cause direct harm to people. Imagine if they attack a reservoir. Release the water and it could flood even villages. This is why this type of work is essential, as it minimizes these risks.

  24. We, unfortunately, live in a world where there are malicious people wherever you go. There is no avoiding these people. There are those who disturb people for fun, and there are those who do it for money. Either or, they are the scum of the scum. It becomes especially malicious when these such people attack essential human resources such as water. The number of cyberattacks on U.S. water facilities has become unprecedented. These attackers are holding water hostage, by threatening to contaminate the facilities’ water, or disabling the systems entirely. The biggest way these attackers perpetuate these water facilities is by, “exploitation of outdated or unsupported operating systems and software, and the exploitation of control system devices with vulnerable firmware versions.”, according to a CISA notice. This issue can easily be helpt by putting an emphasis on upgraded cybersecurity.
    Most companies have been behind in maintaining up-to-date cybersecurity. The lack of cybersecurity compared to technological advancements is frightening. The more the world seems to get technologically entwined the easier it gets for malicious people to attack others via the cyber net. Only recently companies have started to prioritize cybersecurity, with the rise of cybersecurity companies such as Palantir and Cloudflare. These cyber security companies are private contractors that specialize in cybersecurity. All companies need to invest in cybersecurity as no one is safe from hackers, no matter how removed from technology a company is. Cybersecurity does come at a premium, but it does not compare to the costliness of ransomware or other methods of hacking.

Leave a Reply

Your email address will not be published. Required fields are marked *