Sign in / up

back to article US task force aims to plug security leaks in water sector

US government is urging state officials to band together to improve the cybersecurity of the country's water sector amid growing threats from foreign adversaries. The Environmental Protection Agency (EPA) announced it is seeking to establish a Water Sector Cybersecurity Task Force to beef up current work to implement " …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Dam.

    7 0 Reply
  2. david 12 Silver badge

    The Hero of Haarlem

    0 0 Reply
  3. Anonymous Coward
    Anonymous Coward

    Yet another pretext for State Security to spy on its own people.

    Yet another pretext for State Security to spy on its own people.

    1 6 Reply
    1. cyberdemon Silver badge
      Reply Icon
      WTF?

      Re: Yet another pretext for State Security to spy on its own people.

      Do elaborate, please.

      4 0 Reply
      1. IGotOut Silver badge
        Reply Icon

        Re: Yet another pretext for State Security to spy on its own people.

        "Do elaborate, please"

        Do your own research man, I mean, dude, c'mon. It's Big Water man....open your eyes. They are out for you, I'm telling you it's there for you see, you just have to look.

        6 1 Reply
        1. Claptrap314 Silver badge
          Reply Icon

          Re: Yet another pretext for State Security to spy on its own people.

          Dude, this is the Internet. The troll icon is not optional.

          1 0 Reply
  4. Anonymous Coward
    Anonymous Coward

    Well, duh..

    The solution would be to simply stop using Windows for SCADA control functions.

    The problem with that is that there are (as far as I know) few certified alternatives now :(.

    5 2 Reply
    1. cyberdemon Silver badge
      Reply Icon
      Happy

      Re: Well, duh..

      https://www.beckhoff.com/en-en/products/ipc/software-and-tools/twincat-bsd/

      2 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Well, duh..

      From my experience, its not just Windows, but often very old and insecure versions of Windows with some form of very old and insecure remote access to them as they are often at unstaffed physically remote locations.

      4 0 Reply
      1. cyberdemon Silver badge
        Reply Icon

        Re: Well, duh..

        I remember a website called VNC Roulette..

        Someone had done a portscan of all IPs running VNC on the standard port, made a list of all the ones with no authentication whatsoever, and the site would connect you to a random one.. The number of industrial control systems on there was horrifying..

        Of course, the standard government response was to shut the site down.. I wonder if they actually bothered to contact all the idiots on the list.

        3 0 Reply
      2. Paul Crawford Silver badge
        Reply Icon

        Re: Well, duh..

        The real problem is not the old and insecure windows / SCADA systems as such.

        It is WTF are they doing accessible from simple port-scans, or even from internal networks where office folks do their web and email from?

        1 0 Reply
  5. MacGuffin

    Everyone's an Expert in Cybersecurity

    Here the expert /spokesman in cybersecurity for water has a PhD in Chemistry and no IT experience. That type of mismatch happens often in government civil service.

    7 1 Reply
  6. BenMyers

    Not strong-arming

    This is not the EPA putting a strong arm on municipal water facilities. The action simply speaks to the gaping security holes in public-facing computer systems everywhere. And no so public facing. The US is the biggest target for cybercriminals, and likely the most lucrative one.

    The municipal water systems, both fresh water at the tap and waste water full of whatever are a series of disconnected operations. This is not a "system" in my country.

    I have my own personal water systems, water drawn from a well and waste flowing into a septic system, pumped every couple of years. My systems are as disconnected from any grid and as secure as possible, with the well pump relying on electricity delivered to our house.

    2 0 Reply
    1. PRR Silver badge
      Reply Icon

      Re: Not strong-arming

      > ...the well pump relying on electricity delivered to our house.

      https://www.lehmans.com/category/deep-well-pumps

      Deep well hand pumps. Some made to slip alongside an electric pump system.

      The more likely product (new, in short supply) is Earthstraw Code Red:

      https://www.flojak.com/content/Earthstraw%20Instructions/Earthstraw%20Installation%20%20Operation%20Instructions%20v1%203.pdf

      Also a well-bucket: https://www.lehmans.com/product/lehmans-own-galvanized-well-bucket

      FWIW: we often live through days without power for the well. We have clean jug-water for drinking. We have started stocking water in old jugs for toilet flushing. (In nice weather we can poop where the bear poops, but not in low temps and high winds, which is when the power likes to go out.)

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like