Archived version: https://archive.ph/vmEpv
Archived version: https://web.archive.org/web/20231224092642/https://www.fastcompany.com/91002831/us-water-utilities-hacked-cybersecurity
Archived version: https://archive.ph/vmEpv
Archived version: https://web.archive.org/web/20231224092642/https://www.fastcompany.com/91002831/us-water-utilities-hacked-cybersecurity
I’m too drunk to read the whole thing, but I have an anecdote that is related.
Years and years ago one of my customers was a city. They had SCADA systems to control and monitor the city water. Originally there was no way to access the Internet from the control machines and no way to access those machines from the Internet.
Well, they got a new boss at the water department and he wants to check it from home. He’d been told that’s a bad idea repeatedly. Eventually my boss got some folks at the city to sign a document saying we don’t recommend it and they accept the risks and I get him remote access.
Time moves on several months and suddenly half the city has no water. Anyone care to guess why? Anyone care to guess who the city tried to blame? Because that person and the MSP they worked for would have been fucked if not for a nice waiver showing that we said this would happen.
I so hope that person got successfully sued.
Nope. No consequences at all. He was around for a while after that, same position. A quick glance at LinkedIn shows he owns/runs a hotdog joint now. That’s not something I would have guessed.