Just few days ago, I did share my views about protection of installations like water system & reserviors'... My experience in the past is a good mirror.
You see during the early 70's, the technology is not there to assist the protection on these strategic installations. But today with the Digital & Internet technology, we can use these to be more effective & efficient in enforcing the security to our water system. It is the duty & responsility of the authority concern to enforce it & constance monitor in a close loop that cannot take chance of it.
Water systems' security lapses
Monday, January 10, 2005 Posted: 9:24 PM EST (0224 GMT)
WASHINGTON (AP) -- Water utilities have installed computer-based remote controls "with little attention paid to security," leaving valves, pumps and chemical mixers for water supplies vulnerable to cyber-attack, according to an Environmental Protection Agency report.
In a report Monday, the EPA's inspector general cited costs, lack of ability to check employees' backgrounds and poor communication between technical engineers and management for the shortcomings.
Benjamin Grumbles, EPA's water chief, said Monday he agrees with the report's assessment that there are "a broad range of challenges" facing water utilities, particularly with wireless communications systems, but that his office now has a plan for making improvements.
"We are actively working to provide additional tools to communities to enhance cyber security, providing funding for information that would be placed on a secure web site by the fall, to help utilities be more aware of potential threats to their computer systems," Grumbles said.
His office also is getting help, he said, from the Homeland Security Department on ways of dealing with cyber threats and from an advisory council on how to help utilities measure their improvement.
The computer-based controls were "developed with little attention paid to security, making the security of these systems often weak," the report says. As a result, many of the Supervisory Control and Data Acquisition networks used by water agencies to collect data from sensors and control equipment such as pumps and valves "may be susceptible to attacks and misuse."
The danger is illustrated by an attack on an Australian waste management system in 2000, the report says. An engineer who had worked for the contractor that supplied the remote control equipment for the system used radio telemetry to gain unauthorized access and dump raw sewage into public waterways and the grounds of a hotel.
EPA Inspector General Nikki L. Tinsley urged EPA to find out what is keeping specific water utility operators from making the systems secure, and to develop federal security measures that could be used to correct the problems.
The review by Tinsley's office was suspended after a meeting with Grumbles' office, which agreed to incorporate her concerns into its work.
Tinsley notes that EPA spent $250,000 (euro190,800) in 2002 to pay for research into how to improve security for computerized and automated systems and that Homeland Security began focusing on protections for the networks only last May.
In September, Grumbles told a House Energy subcommittee that the Bush administration had "worked diligently" to improve security of water facilities including 54,000 community drinking water systems and 16,000 public wastewater treatment plants. Read More....
Water systems' security lapses - Jan 10, 2005
Wednesday, January 12, 2005
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment