It's often only the complexity and safeguards in industrial control systems that prevent hacker meddling from having serious consequences. Thousands of such systems are discoverable over the internet with search tools like Shodan, she points out. She says she's seen incidents firsthand in which even unsophisticated hackers access software applications that offer control of physical equipment-such as the TeamViewer remote access tool reportedly used in Oldmar or the human-machine interfaces (HMIs) that directly control equipment-and start messing with them. Even if he hadn't, the poisoned water would have taken 24 to 36 hours to reach the city's population, and automated PH testing safeguards would have triggered an alarm and caught the change before anyone was harmed, they say.Īs unprecedented as Oldmar's public announcement of a cybersabotage attempt on its water systems may be, the attack it describes is hardly unique, says Lesley Carhart, a principal threat analyst at industrial control system security firm Dragos. At high levels, it severely damages any human tissue it touches.Īccording to city officials, the operator quickly spotted the intrusion and returned the sodium hydroxide to normal levels. In low concentrations the corrosive chemical regulates the PH level of potable water. Within seconds, the intruder was attempting to change the water supply's levels of sodium hydroxide, also known as lye or caustic soda, moving the setting from 100 parts per million to 11,100 parts per million. The cursor began clicking through the water treatment plant's controls. This time there would be no illusion of benign monitoring from a supervisor or IT person. Initially, he wasn't concerned the plant used the remote-access software TeamViewer to allow staff to share screens and troubleshoot IT issues, and his boss often connected to his computer to monitor the facility's systems.īut a few hours later, police say, the plant operator noticed his mouse moving out of his control again.
Around 8 am on Friday morning, an employee of a water treatment plant in the 15,000-person city of Oldsmar, Florida, noticed that his mouse cursor was moving strangely on his computer screen, out of his control, as local police would later tell it.
0 kommentar(er)
