Last month, the local Water Action Response Network, which includes utility companies, sent emails to its members, informing that cyberattacks had affected two water supply systems.
According to the letter, the hackers installed a web shell in the networks of enterprises for remote access to them. The attack was detected and stopped, and the FBI initiated an investigation. The organization did not disclose the names of the enterprises.
Kruppa’s responsibilities include computer monitoring of chlorine and PH levels in tap water. According to him, he is constantly worried about intruders gaining access to the system and changing the levels of chemicals.
A similar thing almost happened earlier this year in Oldsmar, Florida. The attacker gained access to the water treatment system and raised the level of sodium hydroxide (a cleaning chemical) to dangerous levels. Fortunately, the employees of the water treatment plant managed to reduce the concentration of the hazardous substance in time.
In the aftermath of the Oldsmare incident, the Public Utilities Commission has provided advice to state businesses to strengthen cybersecurity. The commission requires large utility companies to draw up annual cybersecurity plans, but small municipal systems are not required to do so, therefore they are more vulnerable to hacker attacks.
Let me remind you that I also reported that Kansas resident charged with hacking water utility computer system.