Hacker tries to poison water supply of Florida city

Updated: Sep 15, 2021

It's not just cyber software and systems that Hackers are interested in. The attack on Florida’s water supply has highlighted the lack of adequate security measures present.

Cyber actors accessed the supervisory control and data acquisition (SCADA) system via TeamViewer software which was installed on one of the plant's several computers connected to the control system. These were running a Windows 7 operating system which reached end-of-life on 14/1/2020. This means no support or security patches produced anymore, making them more vulnerable by the day.

The machines also shared the same password for remote access and were said to have been exposed directly to the Internet without any firewall protection installed.

Chris White, Head of Cyber and Innovation at The Cyber Resilience Centre for the South East said: "Organisations will have aging infrastructure, some may have under-resourced IT departments, some lack budget and/or expertise to upgrade their security posture to address vulnerabilities in a timely fashion."

"However, if you remain connected to the internet, you must keep computers, devices, and applications, including SCADA or industrial control systems (ICS) software, patched and up-to-date, and where you can, add the use of two-factor authentication with strong passwords. Gaining Cyber Essentials will help you address these risks making you safer online."

The Cyber Resilience Centre for the South East (SECRC) is a policing-led partnership which is offering businesses in the region the chance to access free guidance and support to improve their cyber resilience.

When a business signs up for the SECRC free core membership you receive a useful welcome pack that will provide you with access to national guidance on cyber security, free online resources and toolkits and a tabletop exercise to really test your business’ resilience plans against a cyber-attack.

So, what are you waiting for? Sign up at www.secrc.co.uk/membership.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.