How Vulnerable is SCADA?

Very few of us have a good understanding of what “cybersecurity” should mean in terms of drinking water protection. It doesn’t come with SDWA regulations; it isn’t precisely a traditional public health issue. However, we all know someone (maybe even us) who has had an email account “hacked” or we have read about “viruses” and “worms” infiltrating computer systems and compromising their ability to perform. Just because “cybersecurity” doesn’t isn’t part of our comfort zone doesn’t mean we can ignore it. We all need to learn more about this as an issue that we need to deal with in drinking water. Still think that it probably wouldn’t happen to a water system in your state? Do they have adequate SCADA protections in place? Would you know if they did or didn’t? Just look at what’s been going on at the Federal level…it’s only a matter of time before cyberthreats and compromised SCADA systems come to a water system near you…

Cyberattacks on U.S. Federal IT System Soared 680% in Five Years (from the DHS Open Source Report – April 27, 2012) Cyberattacks on the federal government’s IT systems skyrocketed 680 percent in 5 years, an official from the Government Accountability Office (GAO) testified the week of April 23 on Capitol Hill. Federal agencies reported 42,887 cybersecurity incidents in 2011, compared with just 5,503 in 2006, the director of information issues for the GAO told a House Homeland Security Committee panel.

The incidents reported by the agencies included unauthorized access to systems, improper use of computing resources, and the installation of malicious software, among others. The GAO official said the sources of the cyberthreats included criminal groups, hackers, terrorists, organizational insiders, and foreign nations. “The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such as attacks that may combine multiple techniques. Using these techniques, threat actors may target individuals, businesses, critical infrastructures, or government organizations,” he testified. The federal government’s IT systems continue to suffer from “significant weaknesses” in information security controls, he said. Eighteen of 24 major federal agencies have reported inadequate information security controls for financial reporting for fiscal year 2011, and inspectors general at 22 of these agencies identified information security as a major management challenge for their agency, he told the House panel. ”Reported attacks and unintentional incidents involving federal, private, and infrastructure systems demonstrate that the impact of a serious attack could be significant, including loss of personal or sensitive information, disruption or destruction of critical infrastructure, and damage to national and economic security,” he warned.


Comments are closed.