Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:
- The disclosure was made by a state organization, but has not been disclosed by the Water ISAC, the DHS Daily unclassified report, the ICS-CERT, etc. Consequently, none of the water utilities I have spoken to were aware of it.
- It is believed the SCADA software vendor was hacked and customer usernames and passwords stolen.
- The IP address of the attacker was traced back to Russia.
- It is unknown if other water system SCADA users have been attacked.
- Like Maroochy, minor glitches were observed in remote access to the SCADA system for 2-3 months before it was identified as a cyber attack.
- There was damage – the SCADA system was powered on and off, burning out a water pump.
The incident points to several needed actions:
- Provide better coordination and disclosure by the government.
- Provide better information sharing with industry.
- Provide control system cybersecurity training and policies.
- Implement control system forensics.
Joe Weiss