Why are SCADA (supervisory control and data acquisition) systems still sitting naked on the public net? It’s one thing for a water system manager to be able to monitor flow rates, pumps, etc. remotely, but is the ability to make changes remotely really needed?
When I read the report — especially where the employee said he could see the cursor move — it sounded to me like the hacker had used remote access to take over the employee’s computer rather than taking over the control systems directly. However, this just puts the problem one layer out; why the employee’s computer was vulnerable is still a valid concern.
There are distributed control systems (DCS) systems that can be accessed and changed remotely. You usually need to first get on the network to have access to the infrastructure, then an additional layer of password protection to make actual changes in the controls.
It’s a necessary element in some cases. Large facilities will often have the control room hundreds of yards away from the equipment. People will ask how we’re going to run the facility if there’s a fire or flood in the control room, so remote access is part of the recovery plan.
It’s considered crossing a line for an engineer or manager to make changes in control parameters without consulting the operators, but people are people and these things happen. There are also some operators who will need to go out in the field for some time and will ask a remote engineer to keep an eye on things while they are away, so remote access is useful then as well.
They shouldn’t be; at least where I work they’re in a totally separate secured network.
But it’s dependent on the size of the operation; if it’s Podunk Water with one freshwater plant, one wastewater plant and one pumping station, then it’s probably not necessary to do anything remotely. But if you’re talking about somewhere like say… Austin, there are probably multiple freshwater plants, multiple wastewater plants, and a dozen pump stations/lift stations all over the place, all on a different scale than Podunk’s freshwater plant. Remote administration of just about anything makes a lot of sense in that situation.
And it’s cheaper - one guy can monitor multiple things. There is a trade-off between cost and security, and a lot of places probably went with the savings of remote administration without spending the necessary dollars for the security.
Looks like it was poor TeamViewer use: Breached water plant employees used the same TeamViewer password and no firewall | Ars Technica
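The two failures named in that article (a remote-control tool reachable without a firewall in front of it, and everyone using the same credential) are exactly what a rule-set audit can catch before an incident. The script below is an added example written for this thread, not code from the article, from TeamViewer, or from any utility; the control-network range (10.50.0.0/16), the VPN client pool (10.200.0.0/24), the rule format and all sample rules are constructed, and the set of remote-control ports is an assumption. It walks a simple firewall policy and reports any allow rule that lets a remote-control port on the control segment be reached from somewhere other than the VPN pool, distinguishing plain-LAN exposure from Internet exposure.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed address plan for this example (not taken from the thread):
CONTROL_NET = ipaddress.ip_network("10.50.0.0/16")   # PLC/HMI/SCADA segment
VPN_NET = ipaddress.ip_network("10.200.0.0/24")      # pool handed to authenticated VPN clients
# RFC 1918 space; a source outside it is treated as the public Internet
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed set of ports used by remote-control tools (RDP, VNC, SSH, TeamViewer)
REMOTE_ACCESS_PORTS = {3389, 5900, 22, 5938}


@dataclass
class Rule:
    action: str          # "allow" or "deny"
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    port: Optional[int]  # None means all TCP ports


def _net(spec: str) -> ipaddress.IPv4Network:
    """Translate the constructed rule syntax into an ipaddress network."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


def audit(rules: List[Rule]) -> List[dict]:
    """Return one finding per allow rule that exposes a remote-control port on the
    control segment to anything other than the VPN client pool."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        if not _net(rule.dst).overlaps(CONTROL_NET):
            continue  # rule never reaches the control segment
        ports = REMOTE_ACCESS_PORTS if rule.port is None else {rule.port} & REMOTE_ACCESS_PORTS
        if not ports:
            continue  # not a remote-control port (e.g. historian polling)
        src = _net(rule.src)
        if src.subnet_of(VPN_NET):
            continue  # only reachable after the VPN layer: the expected path
        internal = any(src.subnet_of(n) for n in INTERNAL_NETS)
        findings.append({
            "rule": idx,
            "src": rule.src,
            "ports": sorted(ports),
            "severity": "lan-exposed" if internal else "internet-exposed",
        })
    return findings


# Constructed sample policy: one Internet-facing hole, one office-LAN hole,
# one correct VPN-only rule, one plant-polling rule, and a final deny.
SAMPLE_RULES = [
    Rule("allow", "any", "10.50.0.0/16", 5938),           # remote-control tool open to the world
    Rule("allow", "192.168.10.0/24", "10.50.1.0/24", 3389),  # RDP straight from the office LAN
    Rule("allow", "10.200.0.0/24", "10.50.0.0/16", 3389),    # RDP only from VPN clients
    Rule("allow", "10.60.0.0/24", "10.50.0.0/16", 502),      # Modbus/TCP polling, not remote control
    Rule("deny", "any", "any", None),
]


def demo() -> List[dict]:
    return audit(SAMPLE_RULES)


if __name__ == "__main__":
    for finding in demo():
        print(f"rule {finding['rule']}: {finding['severity']} "
              f"from {finding['src']} on ports {finding['ports']}")
```

Run against the sample policy, it flags rule 0 as Internet-exposed and rule 1 as LAN-exposed, and accepts rule 2 because the only path to RDP on the control segment is from the VPN pool, which is the "get on the network first, then authenticate to change anything" layering described earlier in the thread.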
You wouldn’t have to rip out any wiring, you could just unplug a couple of things or flip a couple of DIP switches. It’s not that uncommon of a request among the shiny new mansion owners.
I’m still trying to figure out why my refrigerator or microwave needs or should be connected to the internet. WTH?
Firmware updates?
That’s what they WANT you to believe…
(my emphasis)
Relevant remarks from a thread about Internet Of Things (IOT) a while back:
n.b.: The link in the post below is defunct. It was just a link to a picture. Here’s a current similar pic.
Don’t get me wrong, I’m not actually a Luddite, I do like my internet and many of my gadgets…
But I’m still not convinced everything should be connected. I’m not convinced it always adds utility. I am very concerned it reduces security in some cases, as the topic of this thread indicates.

I’m not convinced it always adds utility.
I give you the Delta VoiceIQ. For when you can’t be bothered to fill your water bottle yourself.
Although I guess it could be handy for a bathtub.

Why are SCADA (supervisory control and data acquisition) systems still sitting naked on the public net?
This is the crazy thing for me.
Without naming names, my company provides SCADA-interfacing software for one of the biggest water authorities in the UK (soon, that will be two of them). And the idea of any of that being open to the internet is just crazy. They have tighter controls than our oil and power clients.

Without naming names, my company provides SCADA-interfacing software for one of the biggest water authorities in the UK
That’s really your answer - big utilities can afford the security and the people to tell them the security is necessary.
Small cities/towns with small utilities in the US… not so much. Sometimes being decentralized and under local control isn’t the best solution.

That’s really your answer - big utilities can afford the security and the people to tell them the security is necessary.
Small cities/towns with small utilities in the US… not so much. Sometimes being decentralized and under local control isn’t the best solution.
Oh, fuck that noise. My godsdamn teenager knows to put her private shit on a VPN and not to share passwords.
They weren’t poor, they were fucking incompetent. Fuck off with that “only the rich can afford cybersecurity” crap. The best tools are not even proprietary ones, and “don’t all use the one Teamviewer password and don’t still be running Windows motherfucking 7” is shit a schoolkid should know. And does.
If small towns were run by teenagers - who tend to be pretty internet savvy - you might have a point.
In reality, small towns are run by aging guys (by and large) who are NOT internet savvy and are often cheapskates. That’s why I said “and the people to tell them the security is necessary.”
It doesn’t need a fucking McKinsey consultant to tell anyone who is actually employed to work with computers that sharing one password is a no-no. It is the most basic computer competence. It’s shit my aging parents know.
And no, Johna Jana, the head of Oldsmar Water, is neither aging nor a guy. She may be a cheapskate, I wouldn’t know, but like I said, it’s not a money issue.
Any more excuses you want to make for the poor hicks?
Sorry, Jahn, not Jana

Any more excuses you want to make for the poor hicks?
Guess not. As you have clearly demonstrated, they’re fucking idiots. At which point I have to ask who put them in charge of vital infrastructure? The same asshats that re-sourced the water supply for Flint, Michigan?