The digital security of computer networks controlling the machines that produce and distribute water and power in the U.S. is woefully inadequate. Operators and regulators have placed a low priority on keeping these systems secure, posing a terrifying threat to national security.
Article by Nolan Barton from Natural News.
It only took six hours for the Los Angeles Department of Water and Power to be hacked back in 2018. Early this year, an intruder lurked in hundreds of computers related to water systems across the U.S. In Portland, Oregon, burglars installed malicious computers onto a grid providing power to a chunk of the Northwest.
On February 5, a hacker gained access to the computer controlling the chemical levels at a water treatment plant in Oldsmar, Florida. They then tried to adjust the levels of sodium hydroxide in the plant. In small quantities, sodium hydroxide helps sanitize water safely. But in larger quantities, it can be fatal.
According to Sheriff Bob Gualtieri, the hacker successfully increased the sodium hydroxide level from 100 parts per million (ppm) to 11,100 ppm. Fortunately, an operator witnessed the breach as it was taking place and returned the chemical level to its appropriate setting. The water was subsequently tested to validate its safety.
“If we have a new world war tomorrow and have to worry about protecting infrastructure against a cyberattack from Russia or China, then no, I don’t think we’re where we’d like to be,” said Andrea Carcano, co-founder of Nozomi Networks, a control system security company.
Technology systems in critical infrastructure too old for cybersecurity tools
In the last few months, hackers working for profit have targeted companies running operational networks like the Colonial Pipeline fuel system. They infected the pipeline’s information technology systems with ransomware, forcing its owner to stop the flow of 2.5 million barrels a day of petroleum products.
Much of the technology systems in critical infrastructure are too old for sophisticated cybersecurity tools. Network administrators fear that a push to digitize critical infrastructure may increase a network’s exposure to hackers, said Carcano.
Digitization has enabled industrial companies and utilities to increase efficiency with greater oversight and control of their sprawling operations, which in the case of the Colonial Pipeline extends 5,500 miles through a network branching from Texas to New Jersey. But vulnerabilities in office IT systems can offer entry points for hackers to later go after control systems.
“I think what happened [to Colonial] is the most likely model for what is ahead of us,” said Chris Williams, cyber solution architect at Capgemini North America. (Related: More than 15,000 gas stations ran out of fuel in just a few days after Colonial Pipeline cyberattack: Are you prepared for the “big one?”)
Standards for American pipeline infrastructure are set by the Transportation Security Administration (TSA), the government agency in charge of airport screenings that has been traditionally understaffed and underfunded.
TSA had just six full-time staff members dealing with pipeline security until last year. That number has since increased to 34.
According to Federal Energy Regulatory Commission (FERC) Commissioner Neil Chatterjee, responsibility should be stripped from the TSA and shifted to the Department of Energy (DOE). “I was worried about the economic and national security implications of such an attack and we’re seeing that in real-time with what happened with Colonial,” he said.
A criminal investigation in cooperation with the Federal Bureau of Investigation (FBI) and the Secret Service had been initiated.
President Joe Biden has taken steps to tighten cybersecurity. On May 12, Biden signed an executive order aimed at strengthening the country’s cybersecurity defenses.
The president’s executive order calls for the federal government and private sector to partner in confronting “persistent and increasingly sophisticated malicious cyber campaigns” that threaten national security.
Calling the Colonial Pipeline hack a “stark reminder” of the need to harden critical infrastructure, Energy Secretary Jennifer Granholm said last month that “in the face of an evolving array of 21st-century risks, we have to rethink our approach to security, and to reassess the authorities that we can bring to bear during these kinds of emergencies.”
Government needs to be proactive in battle against cybercriminals
The government tends to be passive when there’s no actual damage from cyberattack. Take the case of ONE Gas Inc. in Tulsa, Oklahoma as an example.
Niyo Pearson was overseeing cybersecurity there in January 2020 when his team was alerted to malware trying to enter its operational system – the side that controls natural gas traffic across Oklahoma, Kansas and Texas.
For two days, his team was in a dogfight with the hackers who moved laterally across the network. Ultimately, Pearson’s team managed to expel the intruders.
When Richard Robinson at Cynalytica fed the corrupted files into his own identification program, ONE Gas learned it was dealing with malware capable of executing ransomware.
Pearson tried to bring the data to the FBI but it would only accept it on a compact disc, he said. His system couldn’t burn the data onto a CD. When he alerted the Department of Homeland Security (DHS) and sent it through a secure portal, he never heard back from the agency.
Robinson gave a presentation to the DHS, the DOE, the Department of Defense and the intelligence community on a conference call. He never heard back either.
“We got zero, and that’s what was really surprising,” Robinson said. “Not a single individual reached back out to find out more about what happened to ONE Gas.”
Follow CyberWar.news for more news and information related to cyberattacks.
New Conservative Network Seeks Crowdfunding Help
They say we have to go big or go home. We’re trying to go big and bring the patriotic truth the the nation, but we need help.
Readers may or may not realize that over the past year, we’ve been bringing more conservative news and opinion outlets under our wing. Don’t take our expansion as a sign of riches; all of the “acquisitions” have been through sweat and promises of greater things to come for all involved. As a result, we’ve been able to bring together several independent media sites under a unified vision of preventing America from succumbing to the progressive, “woke,” Neo-Marxist ideologies that are spreading like wildfire across America.
The slow and steady reopening of America is revealing there was a lot more economic hardship brought about from the Covd-19 lockdowns than most realize. While we continue to hope advertising dollars on the sites go up, it’s simply not enough to do things the right way. We are currently experiencing a gap between revenue and expenses that cannot be overcome by click-ads and MyPillow promos alone (promo code “NOQ” by the way).
To overcome our revenue gap and keep these sites running, our needs fluctuate between $3000-$7000 per month. In other words, we’re in the red and hemorrhaging.
The best way you can help us grow and continue to bring the truth to the people is by donating. We appreciate everything, whether a dollar or $10,000. Anything brings us closer to a point of stability when we can hire writers, editors, and support staff to make the America First message louder. Our Giving Fuel page makes it easy to donate one-time or monthly. Alternatively, you can donate through PayPal as well.
As the world spirals towards radical progressivism, the need for truthful journalism has never been greater. But in these times, we need as many conservative media voices as possible. Please help keep NOQ Report and the other sites in the network going.
Thank you and God Bless,
New News Aggregator — Truth. Based. Media. — “Better than Drudge Report, plus unlike Drudge they love America!”