US Water Utilities a Chinese Hacker Target
US water utilities are an interesting group. Let us talk about Colorado.
Denver Water was founded in 1918, has a budget of $700 million according to Wikipedia and has over 1100 employees. It serves a million and a half people.
Indian Hills water district, by comparison, has a budget of $400,000. From what I understand it has a staff of 3. It serves about 5,600 customers.
Which one do you think would be easier to hack?
How many water districts are there in the country? The EPA says there are over 148,000 of them.
How many do you think are the size of Denver? How many are closer to the size of Indian Hills? That is the problem.
Do I think Denver can protect itself from a Chinese cyberattack? To be honest, I don’t know. I strongly suspect that they have better security than Indian Hills, though.
Is it perfect? Bullet proof? GUARANTEED NOT.
Okay, with that setup, what is going on?
Rural America is likely on the front lines of the battle between the United States and China’s desire to “reunify” Taiwan. Rural America, is, Apparently ground zero.
Chinese hackers have, according to reports, accessed the IT networks of hundreds of small and medium-sized US water systems and other utilities with a plan to sabotage US critical infrastructure in case the US does something they don’t like. Like trying to stop them from invading Taiwan.
US officials briefed this scenario a couple of years ago, so it is not some tin foil hat guy (me) off his meds and thinking there is a conspiracy. There is one. It is real.
The revelations highlight the vulnerability to online sabotage of automated and remotely controlled operational technology systems, and the growing resource gap faced by those charged with defending them. In the event of a war in the Pacific, if China seeks to undermine America’s will and ability to fight by crippling its civilian infrastructure, small town utilities might be on their own.
https://www.databreachtoday.com/weak-exposed-us-water-utilities-chinese-hacker-target-a-29743
There were two non-profits formed last year to help with this. One just “paused” its operations. The other can only work with a handful of systems.
With both no laws requiring water systems to have strong security and the current administration commitment to destroying CISA’s ability to do anything at scale, If China were to do what we think they are capable of doing, you better have a lot of bottled water.
China is “pre-positioning” its military hackers against civilian, non-combatant critical infrastructure. In that battle, who do you think is going to win?
And it is not just water. We see hospitals being hit by cyberattacks on an ongoing basis. Small power companies will also be targets.
What we don’t know today (although the government may have an idea) is how many of these utilities are already compromised.
If hackers were to break into the network of a small regional healthcare network (hospitals and clinics), lay low and not do anything at all – just wait until they are told to attack – how many of these would be detected.
No one knows, but my guess is close to zero.
Cisco’s Wendy Nather said utilities serving small communities – say in Kansas or in Arkansas – are target rich but cyber poor.
I could not have said it better myself. While electric generation is more regulated, if you lose water, Josh Corman says, you lose hospitals too. No water means no air conditioning. No fire suppression. no sterilization. You get the idea. What if that happens in Arizona in the summer. What if multiple small water systems around a city are attacked? Where do you even evacuate people to?
Neither one of the two volunteer organizations could possibly even make a dent in the problem. One group is working with the National Rural Water Association. That helps a little bit, but without money and people, it is a guaranteed fail.
Not to be a prepper, but being prepared is not a bad idea. Reminds me of one of my favorite movie clips from the movie Hoodwinked.
If we can assist, please contact us. Credit: Data Breach Today
by 