
Retired
Vulnerabilities like those described in the article do raise questions about America's vulnerability to government-sponsored hackers out to cripple the USA economically and thus militarily.
Mission critical, internal control systems should never be attached to the internet. If a programmer or other authorized person needs remote access to address problems, it should be through a dedicated line or better through an on-site operator. That operator could communicate with a programmer, etc. by fax, phone, or even by a completely different internet-attached computer to make changes to the software or controls. Mission critical systems need to be closed computer operated and have failsafe software against equipment abuse.
It would be humiliating for a manager to be recognized for making such a stupid decision as to allow internet access over open lines to a mission critical system, so it is easy to understand why the specific organization was not identified directly. Even high-tech 128-bit encryption of financial passwords is not unbreakable with enough computer resources, so that encryption will have to change by the time quantum computers hit the market with multiple processors equivalent to a network of supercomputers today. Physical security always needs to be considered first.
Moving water is certainly a mission critical internal operation for a water utility. I do wonder though why the pumps were not designed to shut off until manually restarted in response to too many on-off cycles, since such things can also happen with pump systems damaged in earthquakes or floods creating intermittent electrical connections. It is very likely the destroyed pump will be costly to replace.
If it were not for the security breaches at defense contractors I would recommend the Pentagon give free classes to businesses on appropriate security, but apparently they haven't even been able to secure their network with their contractors who have lost secrets through lack of sufficient computer security.