News: 0175126201

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Kansas Water Facility Switches to Manual Operations Following Cyberattack (securityweek.com)

(Tuesday September 24, 2024 @11:30PM (BeauHD) from the increasingly-common-incidents dept.)


A small city in Kansas switched was [1]forced to switch its water treatment facility to manual operations after a suspected cyberattack was discovered on September 22. The precautionary measure was taken "to ensure plant operations remained secure," the city [2]said . It reassured residents that the drinking water is safe and the water supply remains unaffected. SecurityWeek.com reports:

> Arkansas City says it has notified the relevant authorities of the incident and that they are working with cybersecurity experts to address the issue and return the facility's operations to normal. "Enhanced security measures are currently in place to protect the water supply, and no changes to water quality or service are expected for residents," the city said. While the city's notification does not share further details on the incident, it appears that the water treatment plant might have fallen victim to a ransomware attack. Switching to manual operations suggests that systems were shut down to contain the attack, which is the typical response to incidents involving ransomware.



[1] https://www.securityweek.com/kansas-water-facility-switches-to-manual-operations-following-cyberattack/

[2] https://www.arkcity.org/environmental-services/page/city-arkansas-city-faces-cybersecurity-incident


Good (Score:3)

by PhantomHarlock ( 189617 )

Good, now leave it that way. By placing critical infrastructure online we've created a lazy way for anyone who doesn't like us to bring us down while sitting in their underwear anywhere in the world.

Can we all agree at this point there is no such thing as 'secure' when it comes to being connected to the wider internet? Hell, Natanz, which was disconnected from the internet, was *much* harder to sabotage, but they did it. The point is, we should make it that hard for all critical infrastructure. Put it offline and keep it there.

Re: (Score:1)

by davidwr ( 791652 )

> Can we all agree at this point there is no such thing as 'secure' when it comes to being connected to the wider internet?

You can communicate with the wider internet without being on the internet .

Industrial systems like this can have outbound status/alarm/I'm-still-alive communication with the outside world via a gateway to the internet. While I would discourage inbound communication from the internet there is good reason to have remote-control over an isolated communications network for things like "emergency shutdown" if the equipment is at an unmanned location or you want a backup "go into safe mode" plan in case everyone

Isn't this included in disaster planning/testing? (Score:2)

by will4 ( 7250692 )

Shouldn't public utilities and critical infrastructure do regular disaster planning a different levels?

1, Single non-critical system failure

2. Multiple critical system failures

3. Internet / network connectivity goes down for 48 hours

4. Cyberattack, fall back to manual operations

Some level of those may not be possible, but as far as can be reasonably done there should be planning and actual testing of disaster recovery.

And, rebooting all the Windows XP machines is specifically excluded from a disaster recove

our windows XP box with team viewer broke down so (Score:3)

by Joe_Dragon ( 2206452 )

our windows XP box with team viewer broke down so now we go manual.

Re: (Score:2)

by Valgrus Thunderaxe ( 8769977 )

You jest but I'll bet that's exactly what this is.

Re: (Score:2)

by TigerPlish ( 174064 )

Amen to that. Every SCADA water system i've seen has the most awful security and is usually so old it belongs in a museum. Almost.

How there hasn't been a major incident yet is beyond me.

Where is "Kansas switched" located? (Score:2)

by ls671 ( 1122017 )

> A small city in Kansas switched was forced to switch its water treatment facility to manual operations

Where is "Kansas switched" located? I searched for it on a map and I couldn't find anything...

Mad as hell (Score:2)

by az-saguaro ( 1231754 )

In the early computer era, c1950-1980, computers inspired sci-fi books, movies, tv's that explored the upside and the noir cautionary downside, but mostly it was fun, and the overall tenor about computers was one of optimism.

Circa 1980-2005, the PC age, then the early internet and smartphones brought even more exuberant optimism for the wonderful ways they would change our lives.

Make no mistake about it, the benefits and upside optimism are real - but they have been overshadowed.

The negatives and criminal a

When you live in a sick society, just about everything you do is wrong.