Fewer than 6% of U.S. water utilities' human-machine interfaces were online in a read-only or unauthenticated state last month following the discovery of almost 400 internet-exposed HMIs in the sector late last year, less than a quarter of which were authenticated then, Cybersecurity Dive reports.
Both states, which could lead to configuration and HMI compromise, have been remediated by almost 25% and nearly 60% of utilities across the country within nine days and a few weeks of being notified, respectively, according to an analysis from Censys. Impacted systems, which were found to have leveraged the same browser-based HMI/SCADA software, have been addressed with the assistance of the Environmental Protection Agency. Such a development follows an EPA Office of the Inspector General report detailing that more than 100 million individuals across the U.S. were at risk of cybersecurity incidents involving the exploitation of medium to critical severity water system vulnerabilities.
Both states, which could lead to configuration and HMI compromise, have been remediated by almost 25% and nearly 60% of utilities across the country within nine days and a few weeks of being notified, respectively, according to an analysis from Censys. Impacted systems, which were found to have leveraged the same browser-based HMI/SCADA software, have been addressed with the assistance of the Environmental Protection Agency. Such a development follows an EPA Office of the Inspector General report detailing that more than 100 million individuals across the U.S. were at risk of cybersecurity incidents involving the exploitation of medium to critical severity water system vulnerabilities.
