public

SCADA Checkup Thursday - CHECKLIST

Following up on the recent Water Treatment SCADA system hack in Florida last week, below is a very quick list of steps you can take TODAY to start on the road of securing your SCADA and overall Operational Technology (OT) infrastructure.

4 months ago

Latest Post 2021.06.4 SCADA and Network Programmer by Willow Vannerus public

Following up on the recent Water Treatment SCADA system hack in Florida last week, below is a very quick list of steps you can take TODAY to start on the road of securing your SCADA and overall Operational Technology (OT) infrastructure through a risk assessment.

Short Term

  1. Disable remote access software and provide access only when required.
  2. Check your physical security. Can someone just walk up to your SCADA PC and perform system changes?
  3. Make a list of everyone that has access to your system.
  4. Use unique usernames and passwords.
  5. Enable two-factor authentication.
  6. Perform a quick survey of your facility. Are you aware of all the systems that can provide remote access? Are there cellular modems installed or vendors that have their own remote access system? Do you know where all your Industrial Control Systems (ICS) are?
  7. Update your remote access software. Be careful of blindly updating Windows or SCADA software on a live system, there may be conflicts that should be checked first.

What is a Long Term Solution?

Every system is unique and every facility has different budget constraints to meet their Cyber Security objectives. To determine the best course of action, you must perform a system assessment and develop a plan that identifies your risks, helps you determine your risk tolerance and builds a plan (and budget) to deploy a solution. Below is a recommended starting point as you improve your system security.

  1. Perform a Risk Assessment. Contact us today!
  2. Update your documentation.
  3. Add a firewall and configure it to restrict inbound AND outbound connections.
  4. Setup a method of logging your firewall and access controls.
  5. Schedule migration of Windows XP and Windows 7 machines.

Microsoft has discontinued support for Windows XP and Windows 7 as of April 8, 2014 and January 14, 2020 respectively. See the quote below from the Microsoft Website

What happens if I continue to use Windows 7? If you continue to use Windows 7 after support has ended, your PC will still work, but it will be more vulnerable to security risks and viruses. Your PC will continue to start and run, but will no longer receive software updates, including security updates, from Microsoft.

Cyber Physical Engineering - Oldsmar Water Treatment Hack
A water treatment wake up call. The hack in Oldsmar Florida highlights the importance of identifying your risk and the role of cyber physical engineering in securing critical infrastructure.

https://pcsoweb.com/21-015-detectives-investigate-computer-software-intrusion-at-oldsmar’s-water-treatment-plant

Computer intruder tried to poison Florida city’s drinking water with lye
Change boosting sodium hydroxide level was reversed before anyone got hurt.
Breached water plant employees used the same TeamViewer password and no firewall
Shortcomings illustrate the lack of security rigor in critical infrastructure environments.
Hack exposes vulnerability of cash-strapped US water plants
ST. PETERSBURG, Fla. (AP) — A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks...
Cybersecurity Advisory for Public Water Suppliers
How public water suppliers can guard against cyber-attacks on water supplies.

News Conference on Youtube

Reference to utilization of shared TeamViewer Password

Hack exposes vulnerability of cash-strapped US water plants
ST. PETERSBURG, Fla. (AP) — A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks...
Sean R Bouchard

Published 4 months ago