https://community.isc2.org/t5/Industry-News/Water-System-Hacked/m-p/43159#M5298 <DIV class="el__leafmedia el__leafmedia--sourced-paragraph"><P class="zn-body__paragraph speakable">&nbsp;</P><BLOCKQUOTE>A hacker gained access into the water treatment system of Oldsmar, Florida, on Friday and tried to increase the levels of sodium hydroxide -- commonly referred to as lye -- in the city's water, officials said, putting thousands at risk of being poisoned.<P class="1612889272388"><A href="https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html" target="_blank" rel="noopener">https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html</A></P></BLOCKQUOTE><P><SPAN>This is a successful incident response story.&nbsp; The duty-operator immediately noticed the attack, watched the&nbsp;level be changed and immediately restored it the proper level.&nbsp;&nbsp;</SPAN><SPAN>They then disabled their remote access system and noted that had there were additional "downstream" monitors that would have triggered had their first level control (the operator) failed.&nbsp;</SPAN></P></DIV><DIV class="zn-body__paragraph">&nbsp;</DIV><DIV class="zn-body__paragraph">So kudos for Detect and Respond, but Protect does seem to have room for improvement (e.g. MFA and isolation) that will become evident in the lessons-learned phase.</DIV><DIV class="zn-body__paragraph">&nbsp;</DIV><DIV class="zn-body__paragraph">&nbsp;</DIV> Tue, 09 Feb 2021 17:18:22 GMT denbesten 2021-02-09T17:18:22Z https://community.isc2.org/t5/Industry-News/Water-System-Hacked/m-p/43159#M5298 <DIV class="el__leafmedia el__leafmedia--sourced-paragraph"><P class="zn-body__paragraph speakable">&nbsp;</P><BLOCKQUOTE>A hacker gained access into the water treatment system of Oldsmar, Florida, on Friday and tried to increase the levels of sodium hydroxide -- commonly referred to as lye -- in the city's water, officials said, putting thousands at risk of being poisoned.<P class="1612889272388"><A href="https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html" target="_blank" rel="noopener">https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html</A></P></BLOCKQUOTE><P><SPAN>This is a successful incident response story.&nbsp; The duty-operator immediately noticed the attack, watched the&nbsp;level be changed and immediately restored it the proper level.&nbsp;&nbsp;</SPAN><SPAN>They then disabled their remote access system and noted that had there were additional "downstream" monitors that would have triggered had their first level control (the operator) failed.&nbsp;</SPAN></P></DIV><DIV class="zn-body__paragraph">&nbsp;</DIV><DIV class="zn-body__paragraph">So kudos for Detect and Respond, but Protect does seem to have room for improvement (e.g. MFA and isolation) that will become evident in the lessons-learned phase.</DIV><DIV class="zn-body__paragraph">&nbsp;</DIV><DIV class="zn-body__paragraph">&nbsp;</DIV> Tue, 09 Feb 2021 17:18:22 GMT https://community.isc2.org/t5/Industry-News/Water-System-Hacked/m-p/43159#M5298 denbesten 2021-02-09T17:18:22Z https://community.isc2.org/t5/Industry-News/Water-System-Hacked/m-p/43168#M5299 <P>Turns out their "remote access solution" was teamviewer, which notoriously does not play nice with corporate security (e.g. no SAML nor MFA in thier standard package).</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Feb 2021 21:06:40 GMT https://community.isc2.org/t5/Industry-News/Water-System-Hacked/m-p/43168#M5299 denbesten 2021-02-09T21:06:40Z https://community.isc2.org/t5/Industry-News/Water-System-Hacked/m-p/43204#M5302 <P><A href="https://stpetecatalyst.com/proper-training-system-configuration-could-have-prevented-oldsmar-hack/" target="_blank">https://stpetecatalyst.com/proper-training-system-configuration-could-have-prevented-oldsmar-hack/</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 11 Feb 2021 14:40:08 GMT https://community.isc2.org/t5/Industry-News/Water-System-Hacked/m-p/43204#M5302 AndreaMoore 2021-02-11T14:40:08Z