SEARCH Archives
Loading
Sponsored by:

Water utility suffers cyber incident

A water utility reported a cyber incident when remote users experienced difficulties logging into the control systems, according to an ICS-CERT report.

By Gregory Hale; Source: ISS Source

04/26/2011


A water utility reported a cyber incident when remote users experienced difficulties logging into the control systems, according to an ICS-CERT report.

Offsite and onsite analyses revealed the cause of the incident was general crimeware and was not a targeted attack, ICS-CERT said. The utility’s control systems did not suffer any repercussions as a result of the incident. ICS-CERT did not name the utility.

As a result of the event, ICS-CERT coordinated with the FBI, state, and local law enforcement during and after the incident.

While onsite, ICS-CERT reviewed network topologies and control systems architecture and evaluated the water utility’s current security and detection measures.

They also provided mitigations and made recommendations for strengthening the existing cyber security and incident detection mechanisms. The water utility has since sanitized its systems and implemented stronger and tighter security practices.

Some of the general lessons learned include:

  • Secure remote access with VPNs or two-factor authentication. For more information about configuring and managing remote access, review Configuring and Managing Remote Access for industrial Control Systems.
  • Prepare for incidents with a formalized incident response plan. Enable logging and leverage the static nature of a control system to look for anomalies. Retain logs for a sufficient amount of time.
  • Understand how to preserve forensic data for analysis and reporting when an incident occurs. Capture forensic images of the system memory and hard drive prior to powering down the system. Also, avoid running antivirus software “after the fact” as the AV scan changes critical file dates and impedes discovery and analysis of suspected malicious files and timelines.

Understand, even with the best cyber defense mechanisms in place, incidents will likely occur.

Related News:
 Power firm gets NERC-CIP boost - 26.04.2011 19:53
 Blowout preventer not tested to shear pipe - 26.04.2011 09:05
 Fraud foray fools phishing filter - 26.04.2011 09:04
 Even firewalls have holes - 26.04.2011 09:03
 Oak Ridge hit by cyber attack - 26.04.2011 09:01
 FPL wind turbine hack a hoax - 26.04.2011 09:00
<- Back to: Top Stories

No comments
Featured Content

Pressurizing with dust collectors: Making the right decision

Ask your utility about incentives

Assess your facility's energy upgrade potential

HVLS fans deliver energy savings from the top down

Managing alarms effectively

Using Lean to add value, achieve operational experience

Manufacturing comfort

Active filter cleaning technologies extend filter life, improve efficiency

» More Featured Content

Poll of the Week

What category most helps you select new products?
Recommendation from colleagues
Product of the Year winners
Supplier information
Trade show visit


Click Here for Poll Archives
Sponsored by:

About Us | Contact Us | Advertise | Subscribe to Magazine | Site Map | Privacy Policy
Home | Channels | New Products | Media Library | Connect | Industry News | Events and Awards | Newsletters | Blogs | Magazine
Control Engineering | Plant Engineering | Consulting-Specifying Engineer
All content copyright © 2010-2013 CFE Media. All rights reserved.