Krebs: Oldsmar water treatment plant’s security is ‘rule, not the exception’

  • At a hearing in the House Homeland Security Committee Thursday, previous director of the Cybersecurity and Infrastructure Security Agency Christopher Krebs said that the security of a hacked Oldsmar, Florida, h2o remedy plant was “probably the rule, not the exception.”

    The Oldsmar attack was notable simply because a hacker attempted to poison the h2o offer. The attack did not thrive in that purpose, but the hacker did hijack a remote obtain procedure utilised by employees at the city’s water remedy plant.

    Amid CISA’s duties at the Section of Homeland Security is to tackle quite a few sorts of public/personal and federal/community partnerships in infrastructure cybersecurity.

    “These are municipal utilities that do not have ample assets to have strong security plans. That is just the way it goes,” Krebs instructed the committee. “They really do not have the ability to collect profits at a amount ample to secure their deployments. When you have the internet, it’s meant to make points less complicated it is intended to make points more manageable. And so now all of a sudden it’s a security threat.”

    Krebs advised a multipronged strategy to shoring up municipal utilities, like including funding to update ageing technology. (The Oldsmar plant, reportedly, ran Windows 7 personal computers in this Windows 10 planet). He also called for a lot more training of personnel.

    He extra that it was much too early to speculate as to the lead to or motive of the attackers at this position.

    “I feel it’s doable that this was an insider a or a disgruntled staff. It is also probable that it was a foreign actor,” Krebs mentioned. “This is why we do investigations. But we really should not instantly leap to a conclusion that it is a sophisticated foreign adversary.”