“YOU HAVE BEEN HACKED. DOWN WITH ISRAEL.”
Those were the words displayed at the Municipal Water Authority of Aliquippa, along with a motif of a drowning Star of David. The frightening message had been sent to companies across the U.S. after Iranian hackers infiltrated an Israeli-manufactured computer system.
This was a broad warning shot which happened to hit Western Pennsylvania, but it brings home a larger truth: It’s beyond time to enhance cybersecurity, for private businesses and especially for public authorities that are responsible for public health and safety. In this new era, cyberattacks are unpredictable, unhampered by geography and on a steep rise.
That’s all the more reason this incident must be a wake-up call. The computers used in Aliquippa and at Full Pint still used the default manufacturer passwords, making infiltration exceedingly easy. It’s the simple underpinning of all online safety we should expect public institutions to know: use strong passwords, implement two-step verification, and never reuse them.
The two affected facilities locally — Aliquippa’s regional water authority as well as local brewery Full Pint — were lucky. The attacks hit Programmable Logic Controllers, small computers that mostly run on autopilot to control variables like pressure, temperature and fluid flow in industrial settings. Employees were able to override the systems easily and continue their operations normally. Water service was never interrupted or contaminated, and the beer never got warm.
Other attacks could have been much more devastating, holding important data for ransom; covertly collecting information over the long-term; or crippling a facility’s ability to maintain operation altogether.
CPLs are common systems in infrastructure settings, including electric companies and oil and gas producers. The power grid, already under the strain of increasingly unpredictable weather, cannot allow itself to be vulnerable to cyber attacks.
Full Pint owner Dan Franklin called the hackers a bunch of “jagoffs.” Be that as it may, the company was lucky, and so was the water authority in Aliquippa and the people it serves. This hacking attempt seems to have been more about raising the group’s profile, rather than an actual attack.
Mr. Franklin said Full Pint is “just a small business,” with “nothing to attack.” Unfortunately, that’s no longer enough to ensure safety. Private citizens, schools, utilities, social media companies — everyone is vulnerable.
Cyberspace works without borders, and our security measures need to acknowledge this. In this case, the war between Israel and Palestine managed to affect a small business 6,000 miles away, as well as a municipal water authority. As more and more systems become automated and given over to computers of all kinds, it’s high time to take basic steps to ensure security.
— Pittsburgh Post-Gazette via AP
