"CISA, FBI Share Recommendations After Water Treatment Hack" 

The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert about the recent compromise of a U.S. drinking water treatment facility, with observations of the incident from CISA, along with the Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). On February 5, 2021, unidentified cyber actors were able to gain unauthorized access to the facility's Supervisory Control and Data Acquisition (SCADA) system to increase the amount of sodium hydroxide (lye) in a small Florida city's water treatment process. However, water treatment plant personnel immediately noticed the unauthorized change and corrected the issue. CISA, the FBI, EPA, and MS-ISAC have observed cybercriminals targeting and exploiting desktop sharing software to gain unauthorized access to systems. It has been confirmed that the hackers used the desktop sharing software TeamViewer to gain access to the city's water system. All of the computers with this remote access tool were discovered using the same password for accessing the water system. A firewall was also not implemented. The CISA alert provides recommendations from the federal agencies for organizations on how to securely implement TeamViewer software, such as setting random passwords to generate 10-character alphanumeric passwords. There are recommendations for bolstering water and waste treatment systems security, which include installing independent cyber-physical safety systems. Organizations are also advised to enable multi-factor authentication, use strong passwords to protect remote desktop protocol credentials, implement firewalls, use the most up-to-date operating system, and more. This article continues to discuss the findings and recommendations provided by CISA's advisory regarding the recent attack on a Florida water treatment facility.

NextGov reports "CISA, FBI Share Recommendations After Water Treatment Hack"

Submitted by Anonymous on