      05-12-2021, 01:13 PM   #42
UncleWede

Quote:
Originally Posted by TheWatchGuy
Having built many water and wastewater plants, it's not quite as simple as not being connected to the internet.

Especially for smaller municipalities, most plants aren't staffed 24/7. So in order to be able to monitor and operate plants, they need remote access, which creates an entry point for these types of hacks.

The other issue is reporting. The EPA has strict monitoring/sampling/reporting regulations, and some plants auto-report these to the EPA, creating another entry point for these types of hacks.

Then you also have the water systems that have multiple plants, pump stations, pipelines, etc. that all need to report to each other. In a small town, sure, you could hardwire them all together, but that is a significant cost that small towns can't afford. In a big city, it's usually not economically feasible or practical to hardwire them all together either.

Probably the most secure plant I've ever been a part of was a wastewater plant for a microchip manufacturer. Everything was on a local network and was staffed 24/7. However, even in that situation, they are still vulnerable to outside attacks if someone is able to get on their local network. Especially since this plant still needed a way to communicate with other manufacturing plants throughout the company. And with all the contractors and 3rd-party vendors that are constantly coming in and out of the facility, it wouldn't be hard to get in.

All that being said, most water and wastewater plants have fail-safes in place and can be run locally if something like this happened. From hardwired alarms in MCCs and control panels with relays and switches that will shut down the equipment if one of the alarms is tripped, to local control stations that you can manually operate the equipment at locally inputted set points.

THIS!!! I TRIED to get our water plant to update the firewall and include a 24x7x365 monitoring service. Our only saving grace at this point is that they only have a 1.5MB/s connection.

All the updates (that aren't applied to SCADA systems) come from an internet source. Licensed software isn't available on a dongle any more.

Heck, our plant is running on a Dell desktop that has a rusted 3.5" floppy drive. I've bought 2 sets of replacement computers, but because they didn't maintain their maintenance agreements (PAY for them) we couldn't upgrade the iFix to Win 10 or 7.
We are just about done with a 5-year IT Master plan. Council will fall out of their seats when they see $8.7m.