Hackers infiltrated an ICS/SCADA system at a water treatment plant and altered crucial settings that controlled the amount of chemicals used to treat tap water, according to Verizon’s 2016 Data Breach Digest. Besides running on outdated computers, the system was exposed to the Internet because traffic was routed through a Web server where customers could check their monthly water bill. Here to comment on this news are Monzy Merza, Splunk’s Director of Cyber Research & Chief Security Evangelist, and Lamar Bailey, Senior Director of Security R&D for Tripwire.
Monzy Merza, Splunk’s Director of Cyber Research & Chief Security Evangelist:
“Dedicated and opportunistic attackers will continue to exploit low-hanging fruit present in outdated or unpatched systems. We continue to see infrastructure systems being targeted because they are generally under-resourced or believed to be out of band or not connected to the Internet.
Beyond the clear need to invest in intrusion detection, prevention, patch management and analytics-driven security measures, this breach underscores the importance of actionable intelligence. Reports like Verizon’s are important sources of insight. Organizations must leverage this information to collectively raise the bar in security to better detect, prevent and respond to advanced attacks. Working collectively is our best route to getting ahead of attackers.”
Lamar Bailey, Senior Director of Security R&D for Tripwire:
“Poor designs and misconfigurations lead to countless security incidents. An entity can purchase all the security products in the world and acquire the best staff available, but if the network has gaping holes in the perimeter or DMZ machines have unfettered access to the secure side of the network, it is only a matter of time before an attack succeeds. A network needs to first be a defendable position with clearly defined borders on which layers of security are built. It is imperative that companies examine their networks from the outside to see what is exposed and what “windows” are left open.
Utility infrastructure entities have become prime targets for hacktivists and terrorists, so administrators must be even more diligent in securing these locations. They are softer targets due to the antiquated, insecure nature of how internal systems communicate, so once the outer shell is broken it can be trivial to cause havoc within the network.”