Posted: 2021-02-15, 2:21:45 PM
An aerial view of a wastewater treatment plant in California. An attempt to poison the Oldsmar, Florida water supply by hijacking a remote access system demonstrates the critical threat tied to failure to properly secure operational technology. (Photo by Justin Sullivan/Getty Images)
A new advisory offering details on a remote hacker’s attempted sabotage of an Oldsmar, Florida city water treatment plant has revealed a disregard for certain basic cyber hygiene best practices among employees.
Experts say it’s an indicator that operators of critical infrastructure could use a serious infusion of security controls. However, due to budget restrictions, these controls may first require a thorough risk assessment and prioritization exercise.
When the Feb. 5 incident was first disclosed last Monday, it was reported that a malicious actor exploited remote access software – later identified as TeamViewer – to hijack plant controls and then tried to increase the amount of lye in the water to dangerous levels.
But that wasn’t the whole story. A security advisory released earlier this week by the state of Massachusetts’s Department of Environmental Protection referred to additional unsafe practices or behaviors at the Bruce T. Haddock Water Treatment Plant that compounded the risk considerably.
For starters, all of the computers used by plant employees were connected to the facility’s SCADA system and used the Windows 7 operating system, which reached its end of life in early 2020 and is no longer supported by Microsoft. “Further, all computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed,” the report continued.
“This incident is important because it reflects the status of too many industrial control system (ICS) installations, especially those with smaller budgets and a smaller size, where security is often overlooked,” said Andrea Carcano, co-founder of Nozomi Networks.
The Massachusetts advisory suggested that in response to this incident, public water suppliers “restrict all remote connections to SCADA systems, specifically those that allow physical control and manipulation of devices within the SCADA network,” adding that one-way unidirectional monitoring devices are recommended to monitor SCADA systems remotely.
Additional guidance included actively using a firewall with logging capabilities, patching software regularly (and especially after the disclosure of a critical bug), using two-factor authentication and strong passwords, and installing a virtual private network.
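Two of the findings above, remote-access hosts reachable directly from the Internet and one password shared across every machine, can be spotted in remote-access session logs. The following is an added example (not from the article or the advisory) that runs that check over a constructed log; the log format, the host names and the management subnet 10.20.5.0/24 are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records of inbound remote-access sessions (hypothetical
# format: timestamp host account source_ip). These are NOT real plant logs.
SAMPLE_LOG = """\
2021-02-05T08:01:12 hmi-01 ops-remote 10.20.5.17
2021-02-05T09:30:44 hmi-02 ops-remote 10.20.5.17
2021-02-05T13:02:09 hmi-01 ops-remote 203.0.113.45
2021-02-05T13:05:51 scada-srv ops-remote 203.0.113.45
2021-02-05T14:10:00 eng-ws-03 j.smith 10.20.5.22
"""

# Assumption: the only legitimate source of remote sessions is the plant's
# VPN/management subnet. A session from anywhere else means the host is
# reachable from the open Internet with no firewall in front of it.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.5.0/24")]

def parse_sessions(text):
    """Turn the constructed log text into (timestamp, host, account, ip) tuples."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, account, ip = line.split()
        sessions.append((ts, host, account, ipaddress.ip_address(ip)))
    return sessions

def external_sessions(sessions):
    """Sessions whose source lies outside the allowlisted management network."""
    return [s for s in sessions
            if not any(s[3] in net for net in ALLOWED_SOURCES)]

def shared_accounts(sessions, min_hosts=2):
    """Accounts used to reach several hosts: the signature of a shared credential."""
    hosts_by_account = defaultdict(set)
    for _, host, account, _ in sessions:
        hosts_by_account[account].add(host)
    return {a: sorted(h) for a, h in hosts_by_account.items() if len(h) >= min_hosts}

def review(text=SAMPLE_LOG):
    """Summarise both findings for the given log text."""
    sessions = parse_sessions(text)
    return {
        "external": [(s[1], s[2], str(s[3])) for s in external_sessions(sessions)],
        "shared": shared_accounts(sessions),
    }

if __name__ == "__main__":
    for finding, detail in review().items():
        print(finding, detail)
```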
SC Media/Bradley Barth/February 12, 2021
===================================================================================
Three-line summary
1. An attacker attempted sabotage of a Florida water treatment plant through remote access (trying to increase the amount of lye in the water).
2. Every computer on the system ran the Windows 7 operating system (unsupported since 2020) and shared the same password.
3. The rest of the article covers resolving the security problems through a risk assessment and control approach.
Thoughts
I had never considered that infrastructure like a water treatment plant could face IT security problems, so I was surprised that they can cause problems this serious.
Also, seeing that even such important infrastructure struggles to fix its security problems because of budget constraints made me realise that security is not only a technical matter, and that an appropriate budget must always be allocated to it.