Water Today Title July 7, 2022



Update 2017/5/17
Water Security


By Cori Marshall

This story is brought to you in part by Roving Blue Vancouver

WannaCry ransomware has been making headlines since late last week. The campaign has literally hijacked machines and data all over the world, holding computer systems for ransom. What is it, what can it do, and, importantly, what effect can it have on water treatment?

Dan Scali, ICS Spokesperson at FireEye, said "WannaCry (aka WCry or WanaCryptor) malware is highly-prolific, self-propagating ransomware that spreads through internal networks and over the public internet by exploiting a vulnerability in Microsoft Server Message Block (SMB) protocol." Scali added that "the malware appends encrypted data files with the .WCRY extension, drops and executes a decryptor tool, and demands $300 or $600 USD (via Bitcoin) to decrypt the data."

We spoke with Mihir Kapadia, Vice President of Engineering at N-dimension Solutions, for more insight. He said that the SMB protocol vulnerability "was known to vendors, Microsoft had released a patch addressing the issue in March." Microsoft also released the patch for past editions of Windows.

Scali said that FireEye "has been unable to corroborate information," from reports that suggested that the ransomware had been spread through links in spam messages.

Kapadia added that "there is no definitive answer, yet, as to how WannaCry actually enters a system."

Computer systems are indispensable tools everywhere, even in water treatment plants. Could ransomware infect the computer systems of treatment plants, and once they are infected, what could the attackers manipulate the system to do?

Scali said that "many industrial automation systems, including those used in the water and chemical industry, use Microsoft Windows-based PCs that are vulnerable to the exploit used to propagate WannaCry."

Dan McMillan, Senior Operator at the Dawson Creek Water Treatment Plant, confirmed that the plant's systems operated on a Windows-based platform. McMillan added that the plant's terminal computers, which are used to log into the data, are connected to the public internet, but the "main [supervisory control and data acquisition system (SCADA)] has no access to the internet and is stand alone," meaning it has no direct connection to the web.

Scali explained that automated networks are usually protected "from other untrusted networks such as the IT network or the internet." This doesn't happen everywhere, and the system can be misconfigured. Scali said that "If industrial automation systems are left unpatched and exposed to SMB communications from untrusted networks, such as the IT network or the Internet, they are at risk of being compromised."
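The exposure Scali describes can be checked from firewall or flow logs. The following is an added example, not part of the original article: a Python check that flags SMB traffic (TCP 139 and 445) reaching the control network from outside it. The address ranges, the approved source host and the log format are assumptions constructed for illustration.

```python
"""Flag SMB flows that cross from untrusted networks into the control network."""
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Assumed zone layout (constructed for this example, not from the article).
ICS_NETS = [ipaddress.ip_network("10.50.0.0/16")]
# Sources allowed to speak SMB to ICS hosts: the ICS zone itself plus one
# explicitly approved host (hypothetical documented exception).
ALLOWED_SOURCES = ICS_NETS + [ipaddress.ip_network("10.20.5.10/32")]

# Constructed sample flow records: src,dst,dst_port,proto,action
SAMPLE_FLOWS = """\
10.20.1.44,10.50.3.7,445,tcp,allow
10.50.3.9,10.50.3.7,445,tcp,allow
203.0.113.80,10.50.1.2,445,tcp,allow
10.20.5.10,10.50.1.2,445,tcp,allow
10.20.1.44,10.50.3.7,443,tcp,allow
198.51.100.9,10.50.1.2,139,tcp,deny
10.20.1.44,10.20.9.9,445,tcp,allow
"""

def in_any(addr, nets):
    return any(addr in net for net in nets)

def find_smb_exposure(flow_text):
    """Return (line_number, kind, detail) for each SMB flow into ICS_NETS
    whose source is not in ALLOWED_SOURCES."""
    findings = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            src, dst, port, proto, action = [f.strip() for f in line.split(",")]
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            # Surface bad records instead of silently skipping them.
            findings.append((lineno, "unparseable", line))
            continue
        if proto.lower() != "tcp" or port not in SMB_PORTS:
            continue
        if not in_any(dst_ip, ICS_NETS) or in_any(src_ip, ALLOWED_SOURCES):
            continue
        # A denied flow is not an exposure, but it shows SMB probing from outside.
        kind = "exposed" if action.lower() == "allow" else "blocked-attempt"
        findings.append((lineno, kind, f"{src} -> {dst}:{port}"))
    return findings

if __name__ == "__main__":
    for finding in find_smb_exposure(SAMPLE_FLOWS):
        print(*finding)
```

Any "exposed" finding is a path that the segmentation Scali describes should have closed; the destination host is also the first place to confirm the MS17-010 patch.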

Should industrial control systems, like those in water treatment plants, become infected, "the machine may not be able to do its function on the industrial network," according to Kapadia. He added that "if the core applications of the system become encrypted, it could have a widespread impact on your water network."

Both Scali and Kapadia recommend the MS17-010 patch to protect against WannaCry.

Modern water treatment depends on computers in many areas to automate processes. With the ease of remote access to system data over the internet, how safe are these processes, and how safe is your water? The information age has created a virtual threat to the safety of drinking water. It would appear that the best way for treatment plants to ensure the delivery of safe water is to have multiple levels of cyber protection.


All rights reserved 2022 - WATERTODAY - This material may not be reproduced in whole or in part and may not be distributed,
publicly performed, proxy cached or otherwise used, except with express permission.