There hardly goes a day without news of cyberattacks taking place at banks, tech companies, or government agencies. From targeting the individual to the masses, hackers are getting ever more creative in what they strike at, in order to compromise systems and gain sensitive information. Well, the US White House and Environmental Protection Agency (EPA) are now warning that public water and sewage systems are the latest points of attack and state administrations are being urged to improve the security of such plants.
The plea for 'water resilience' from the White House and EPA (via The Verge) came in the form of an open letter to US state governors and a call to attend a virtual meeting on how best to combat attacks from state-sponsored groups. In the letter, it's claimed that 'drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices.'
However, some of the practices that should, but haven't, been followed are arguably not all that rigorous. This small section of the latter highlights what I mean: “In many cases, even basic cybersecurity precautions—such as resetting default passwords or updating software to address known vulnerabilities—are not in place and can mean the difference between business as usual and a disruptive cyberattack.”
You'd think that changing a default admin password on a router, for example, would be common practice by all IT departments but that's clearly not happening. What you're seeing there is an over-reliance on the strength of the password, which is typically very strong on networking devices. However, if the database of passwords used for such devices is ever compromised and the details publicly leaked, then it's not even remotely strong any more.
Windows 11 review: What we think of the latest OS.
How to install Windows 11: Our guide to a secure install.
Windows 11 TPM requirement: Strict OS security.
Hence why the White House and EPA talk about being rigorous with practices, such as routinely changing passwords and updating firmware to prevent cyberattacks from standing any chance of succeeding.
Access to clean water, whenever desired, is taken for granted by many of us around the world, myself included, and it's somewhat concerning to think that someone could interfere with that access from another country. At the moment, what attacks that have taken place on such facilities haven't resulted in any serious disruptions in the service of water and waste, but one can't help but feel it's only a matter of time before something alarming does happen.
Lock the doors before the horse bolts, folks. You know it makes sense.