Reposted from Water Finance and Management
Just days before Super Bowl LV kicked off in Tampa Bay, a water system in nearby Oldsmar, Florida, was the target of a cyber attack, renewing concerns around a major vulnerability for water utilities.
The hack briefly multiplied the amount of sodium hydroxide, or lye, used in the city’s water treatment by a factor of more than 100. Lye is an ingredient used in drain cleaners that is also used to control water acidity and remove metals from drinking water.
According to the Pinellas County Sheriff’s Department, a plant operator noticed that someone remotely accessed a computer system that monitors and controls chemicals used to treat water as well as other functions. The computer system has a software program that allows authorized users to access it remotely. Then later in the day, a hacker again entered the system remotely and a plant operator observed the intruder opening various software functions that control the treatment of the water, police said.
One of the software functions the hacker took control of was one that regulates the level of lye, increasing the amount from about 100 parts per million to 11,100 parts per million, police said.
The utility stated that even if the plant operator had not noticed the change in levels, it still had other controls and alerts in place to prevent any compromised drinking water from going out to the public. So far no suspect has been identified, and officials are unsure whether the hack came from someone inside or outside of the United States.
Via ASPG:
How ReACT can help enforce security procedures and prevent future attacks:
- MULTI-FACTOR AUTHENTICATION
Challenge questions, email (primary and alternate), SMS, image recognition, Active Directory credentials, token/cert/PIN, biometrics, Duo, and RSA™
- SEAMLESS INTEGRATION
SOAP API provides quick, simple integration with third party apps and homegrown solutions
- MAXIMIZE USER ADOPTION
Pre-populate with existing information, add new users through synchronization, and enact automatic or forced enrollment
- CROSS-PLATFORM COMPATIBLE
AD, IBM Z mainframe, Novell/eDirectory, UNIX/Linux, iSeries/AS400, JD-Edwards, Oracle/SQL, LDAP, Lawson, SAP, CAMS, WFM, Gmail, PeopleSoft, AdvantX, Office 365, ERP and HR systems, DUO, and more
- PREVENT DATA VIOLATIONS
Enforce password expiration, eliminate predictive passwords, prevent recycled passwords, and provide protection via built-in hashing, SSL cryptography, and CAPTCHA integration
- ROLE-BASED ACCESS CONTROL (RBAC)
Define user groups based on role, system use, or other parameters for regulation of computer and network access
- ACCESS FROM ANYWHERE
PC and mobile web browser, Windows login screen, smart phone, the ReACT app, internal/external support references, and webpages such as OWA, Citrix, and Service Now
- IDENTIFY SUSPICIOUS ACTIVITY
Display live user activity, log and report all password-related activities, send automated alerts, and improve the task of auditing
- REGULATION COMPLIANCE
Adhere to mandates such as PCI, SOX, HIPAA, and GDPR, facilitate the 90-day password expiration guidelines recommended by DHS, FBI, and NSA, and be 508 compliant
- INDUSTRY’S BEST TECHNICAL SUPPORT
Microsoft-certified solution with a continuous development cycle and 24x7x365 US-based technical support
- COMPLEMENT CORPORATE STRUCTURE
Free installation, scripting, and customization assistance provides custom branding, text, and reporting
- MULTI-LANGUAGE SUPPORT
Language support includes Chinese, English, French, German, Italian, Japanese, Korean, Polish, Portuguese, Russian, Spanish, Tagalog, and Vietnamese
- MAINTAIN HELP DESK CONTROL
Tiered levels of access for help desk personnel (students vs. staff), disable users and lock accounts, scale password complexity and policy rules, and create separate security groups
- OFFLINE & REMOTE ACCESS
Gain device access without requiring network, domain, or Internet connection with OAR: Offline Access Recovery, a component solution of ReACT
- SSO-LIKE FUNCTIONALITY
Execute a single-password approach, providing the benefits of an SSO solution without requiring the time-consuming, laborious, and expensive implementation
- ACCESSIBLE MOBILE APP
Instant, convenient access via the ReACT mobile application, available for iPhone and Android.
Free trials of ReACT, ASPG’s self-service password reset tool, are available at www.aspg.com/react. Or call (800)-662-6090 to talk to an ASPG Sales Representative.