CISA, FBI Share Recommendations After Water Treatment Hack – By Mariam Baksh (Nextgov) / Feb 12 2021
The agencies say updating to the latest operating system is important, even if it wasn’t a factor in this particular incident.
The first thing federal agencies are advising organizations to do following an intruder’s attempt to poison the water supply of a small Florida city is to update their Windows operating system.
The action is listed as the first mitigation item in a Thursday alert with observations of the incident from the FBI, the Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center.
An operator detected the event, which occurred on Feb.5, in time to avoid a dangerous overload of sodium hydroxide, the main ingredient in drain cleaners used in small amounts to moderate pH levels. Cybersecurity professionals say it seems to be the work of an amateur or insider, but it highlights dire weaknesses in critical infrastructure and has federal policy-makers paying attention to industrial control systems, such as those also used by electric utilities, which are often managed by local municipalities.
