The Wall Street Journal reports that Russian hacking group Dragonfly APT has accessed utilities’ control rooms.
As it happens, these were electric rather than water utilities. The media’s attention is drawn to the possibility of lights going out and an attack on nuclear powered facilities resulting in meltdown. Literally.
But an attack on water infrastructure could also have devastating consequences.
One commentator says that the Russians exploited the weakest link – people – to gain access to the systems. But it’s also worth noting that there are other weak links in the chain – like control systems that date back to the 1990s and loggers that can be dialled up – which provide vectors for an attack.
i2O has just undergone its first ISO 27001 (information security) surveillance audit after gaining accreditation at the beginning of this year. Happily there were no non-conformances or suggestions for improvement made: a gold medal at the gold standard.