From banks to high-tech companies to government agencies, not a day goes by without news of a cyber attack. From targeting individuals to targeting the masses, hackers are getting ever more creative in their targets of attack in order to compromise systems and gain sensitive information. The U.S. White House and the Environmental Protection Agency (EPA) now warn that public water and sewer systems are the latest targets of attack, and state governments are being urged to improve security at these plants.
The plea for "water resiliency" from the White House and EPA (via The Verge) comes in the form of an open letter to U.S. state governors, inviting them to attend a virtual conference on how best to counter attacks from state-sponsored groups. The letter argues that "drinking water and sewer systems are attractive targets for cyberattacks because they are critical infrastructure sectors of the lifeline, but often lack the resources and technical capacity to employ rigorous cybersecurity practices."
However, some of the practices that should be followed but are not are arguably less rigorous. The latter small section underscores what I mean: "In many cases, even basic cybersecurity precautions, such as resetting default passwords or updating software to address known vulnerabilities, are not being implemented.
For example, one would think that changing the default administrator password on a router would be common practice for all IT departments, but clearly it is not. What we see there is an over-reliance on password strength. On network devices, passwords are usually very strong. However, if the database of passwords used on such devices is compromised and their details are leaked to the public, passwords are no longer strong. [Hence, the White House and the EPA are talking about strictly following practices such as changing passwords and updating firmware on a daily basis to prevent any chance of a successful cyber attack. [Access to clean water at any time is something many people around the world, including myself, take for granted. So far, the attacks on these facilities have not resulted in serious disruptions to water or waste supplies, but I can't help but feel that it is only a matter of time before something alarming happens.
Folks, lock your doors before the horses bolt. It makes sense.
Comments