#AceNewsReport – Feb.17: The document recommends following “Cyber Hygiene” and recommends steps such as keeping software up-to-date, implementing “independent cyber-physical safety systems,” and using randomized alphanumeric passwords, the St. Albans Messenger reported.
February 17, 2021 09:57 AM
St. Albans Public Works Director Martin Manahan says the city is continuously looking for ways to reduce risk: “ We have a very secure cybersecurity system in place that is continually monitored by IT staff. The people using the St. Albans City municipal water system can be very confident that we are constantly monitoring and testing our system to provide safe drinking water throughout our community,” Manahan said.
America’s Water Infrastructure Act of 2018 requires that water treatment systems that service more than 3,300 people “to develop or update risk assessments and emergency response plans.”
‘FBI issues cybersecurity outline for water treatment plants and the document comes two weeks after a cyberattack on a drinking water system that serves 15,000 people outside of Tampa, Florida, was infiltrated: The attackers attempted to increase the amount of lye from 100 parts to 11,000 parts per million’
Florida water plant cyberattack: Senate Intel chair seeks answers
Senate Intelligence Chairman Mark Warner has sent a letter to FBI and EPA
Stephanie Pagones42 mins ago
Senate Intelligence Chairman Mark Warner has sent a letter to the FBIand Environmental Protection Agency (EPA) seeking more information regarding the recent computer breach at a Florida water treatment facility, citing the need to ensure that potential security weaknesses are addressed.
Warner, a Virginia Democrat and chair of the Senate Select Committee on Intelligence, penned the letter to Matt Dorham, assistant director of the FBI’s Cyber Division, and Radhika Fox, acting assistant administrator for the EPA’s Office of Water.
He cited Cybersecurity & Infrastructure Security Agency (CISA) data that indicates 80% of the nation’s drinkable water comes from about 153,000 public water systems, “and any type of attack, including a cyber attack, could result in ‘illnesses or casualties and/or a denial of service that would also impact public health and economic vitality,’” the letter states.
He added: “Additionally, other critical infrastructure sectors such as healthcare, emergency services, energy, food and agriculture, and transportation systems depend on the cyber resilience of water facilities.”
On Feb. 5, a plant operator at the Oldsmar water treatment facility thwarted a hacker’s attempt to elevate the amount of sodium hydroxide in the water to “dangerous levels,” Pinellas County Sheriff Bob Gualtieri said during a subsequent press conference.
The hacker first breached the system at approximately 8 a.m. that day but only did so momentarily before logging off. A plant operator on duty noticed the “brief” remote access but wasn’t particularly concerned because supervisors “regularly” access the computers remotely to monitor the system, officials said.
But around 1:30 p.m. that same day, “someone again remotely accessed the computer system and it showed up on the operator’s screen with a mouse being moved about to open various software functions that control the water being treated in the system,” Gualtieri said.
The hacker took over the system for anywhere from three to five minutes when they opened a function that controls the amount of sodium hydroxide in the water and changed the amount from 100 parts-per-million to 11,100 parts-per-million, Gualtieri said.
“This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners,” he continued. “It’s also used to control water acidity and remove metals from drinking water in the water treatment plants.”
The hacker left the system shortly after changing the parts-per-million, and officials say the plant operator “immediately reduced the level back to the appropriate amount.” The public, in turn, was never in danger, he said.
While investigators are still probing how the hackers breached the system, the FBI released a threat alert last week, warning that “corrupt insiders and external cyber actors [were] using desktop sharing software to victimize targets in a range of organizations, including those in the critical infrastructure sectors.”
Officials said hackers have been exploiting the legitimate software, called TeamViewer, to “exercise remote control over computer systems.”
The FBI confirmed to Fox News on Tuesday that it had received Warner’s letter. A spokesperson would not comment further other than to say: “FBI Tampa is working jointly with the City of Oldsmar and Pinellas County Sheriff’s Office in the investigation of this incident. We do not have further comment at this time.”
An EPA spokesperson did not immediately provide Fox News with a statement.
Warner asked, first and foremost, that he be provided with the progress of the FBI’s investigation into the treatment plant breach. He is also seeking “a review by the Environmental Protection Agency into whether the Oldsmar water treatment facility was compliant with the most recent Water and Wastewater Sector-Specific Plan, and whether that plan, most recently updated in 2015, needs to be updated to confront similar risks,” he wrote.
Lastly, he is asking for confirmation that the federal government is “sharing timely threat information related to this incident with water and wastewater facilities, and other critical infrastructure providers across the United States.”
“This incident has implications beyond the 15,000-person town of Oldsmar,” he wrote. “While the Oldsmar water treatment facility incident was detected with sufficient time to mitigate serious risks to the citizens of Oldsmar, and appears to have been identified as the result of a diligent employee monitoring this facility’s operations, future compromises of this nature may not be detected in time.”
Fox News’ Michael Ruiz contributed to this report.Stephanie Pagones is a Digital Reporter for FOX Business and Fox News. Follow her on Twitter at @steph_pagones.
#AceNewsDesk report ……….Published: Feb.17: 2021:
Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com