News on the Oldsmar, Florida, water treatment incident
Local authorities around Oldsmar, Florida, have grown increasingly tight-lipped about the attack on the town's water system, with the Pinellas County Sheriff discouraging any municipal officials from discussing what is, as they say, an ongoing investigation. "[A]t the request of Pinellas County Sheriff Gualtieri, the City will not comment any further on this matter as it is an on-going investigation of the Sheriff, FBI and Secret Service." Detectives are on the case, they say, and the Sheriff wants the public to understand that it wasn't in any danger.
The Federal Government's advisory on the matter, issued last Thursday, urged utilities to move on from Windows 7 and to take other steps to improve digital hygiene and lock their networks down to prevent similar incursions into control systems. The Wall Street Journal on Friday published an overview of the complex and variegated state of security at water utilities. There are more than fifty-thousand of them, and they're relatively unregulated with respect to cybersecurity, compared, the Journal notes, to electrical power utilities. (Control Global blogs a brief overview of other incidents at, and tests of, water utility control systems.) In fairness to those utilities, a number of them are saying that they've been preparing for attacks of this kind for years.