A recent cybersecurity investigation uncovered hundreds of vulnerable industrial control systems in US water utilities, many of which were accessible without authentication. This exposed critical infrastructure to potential cyberattacks, prompting urgent security measures and government alerts. #SCADA #HMIMalware
Keypoints
- Researchers found unsecured access to control dashboards of US water utilities via TLS certificates.
- 40 systems were fully controllable without passwords, risking sabotage of water treatment processes.
- The US EPA and CISA issued alerts and guidance to strengthen security of HMIs in water systems.
- Security improvements increased the security of exposed systems from less than 20 to nearly zero within nine months.
- Threat actors have exploited exposed HMIs in water facilities, causing operational disruptions and raising national security concerns.
Views: 14