U.S. Water News Online
WASHINGTON -- Water utilities have installed computer-based
remote controls "with little attention paid to security," leaving
valves, pumps and chemical mixers for water supplies vulnerable to
cyber-attack, according to an Environmental Protection Agency report.
In the report, the EPA's inspector general cited costs, lack of
ability to check employees' backgrounds and poor communication
between technical engineers and management for the shortcomings.
The computer-based controls were "developed with little attention
paid to security, making the security of these systems often weak,"
the report says. As a result, many of the Supervisory Control and
Data Acquisition networks used by water agencies to collect data from
sensors and control equipment such as pumps and valves "may be
susceptible to attacks and misuse."
The danger is illustrated by an attack on an Australian waste
management system in 2000, the report says. An engineer who had
worked for the contractor that supplied the remote control equipment
for the system used radio telemetry to gain unauthorized access and
dump raw sewage into public waterways and the grounds of a hotel.
EPA Inspector General Nikki L. Tinsley urged EPA to find out what
is keeping specific water utility operators from making the systems
secure, and to develop federal security measures that could be used
to correct the problems.
EPA officials in the Office of Research and Development and the
Office of Water did not submit written responses to the inspector
general, as federal agencies usually do.
Tinsley notes that EPA spent $250,000 in 2002 to pay for research
into how to improve security for computerized and automated systems
and that the Homeland Security Department began focusing on
protections for the networks only last May.
In September, Benjamin Grumbles, EPA's water chief, told a House
Energy subcommittee the Bush administration "worked diligently" to
improve security of water facilities including 54,000 community
drinking water systems and 16,000 public wastewater treatment plants.
The National Research Council, reviewing EPA's plan for improving
water system protection, also has cited a need for more attention to
security in designing the networks, and for heading off potential
internal threats such as actions by a disgruntled employee.
Return to the
U.S. Water News' Archives page
Return to the U.S. Water
Use a comma to separate e-mail addresses:
Hi, I thought you might like to read this article.