Quote:
Originally Posted by Murf993
Might be the rum talking but here goes. Why doesn't the command and control system for any infrastructure have a stand alone system for the expressed reason of avoiding hacking.
|
having built many water and wastewater plants, its not quite as simple as not being connected to the internet.
especially for smaller municipalities, most plants arent staffed 24/7. So in order to be able to monitor and operate plants, they need remote access which creates an entry point for these types of hacks.
the other issue is reporting. the EPA has strict monitoring/sampling/reporting regulations, and some plants auto report these to the EPA, creating another entry point for these types of hacks.
then you also have the water systems that have multiple plants, pump stations, pipelines, etc that all need to report to each other. In a small town, sure, you could hardwire them all together, but that is a significant cost that small towns cant afford. In a big city, its usually not economically feasible or practical to hardwire them all together either.
probably the most secure plant ive ever been a part of was a wastewater plant for a microchip manufacturer. Everything was on a local network and was staffed 24/7. However, even in that situation, they are still vulnerable to outside attacks if someone is able to get on their local network. Especially since this plant still needed a way to communicate with other manufacturing plants throughout the company. And with all the contractors and 3rd party vendors that are constantly coming in and out of the facility, it wouldnt be hard to get in.
All that being said, most water and wastewater plants have fail safe's in place and can be run locally if something like this happened. From hardwired alarms in MCCs and control panels with relays and switches that will shut down the equipment if one of the alarms is tripped, to local control stations that you can manually operate the equipment at locally inputted set points.