The United States aims to protect critical sectors from cyber attacks

Washington (AP) — Biden administration’s top executives embark on a new initiative to help the government protect utilities, water districts and other critical industries from potentially damaging cyberattacks. It states that there is.

“Our aim is to ensure that control systems serving more than 50,000 Americans have core technology to detect and block malicious cyber activity,” said National Security Adviser. Official Anne Neuberger said in an interview with the Associated Press Thursday. Sentence. It’s a clear and clean goal, but it takes a lot of work to reach it. “

Public-private partnerships reflect government concerns about the vulnerability of critical systems, including power grids and water treatment plants, to hacking, which can have devastating consequences for American life. Although the government has a history of working with utilities, authorities believe the threat is increasing as more utilities connect to the Internet, and the Biden administration swiftly protects the systems that manage utilities. I want to proceed.

Meanwhile, the administration has been working on two major cyber intrusions in the first 60 days. At first, Russian hacker steals malicious code For software updates pushed to thousands of government agencies and private companies. The second is more Extensive hacking affected Microsoft Exchange email programs..

Microsoft One-click tool to solve problems After the White House advised the company to find an easy way to clean up from hacking. As a result, the number of compromised systems has dropped from 100,000 to less than 10,000 and “continues to decline,” Neuberger said.

She said one idea that came up was whether Microsoft could push patches to all compromised systems and effectively “vaccinate” them. Although determined to be non-functional in this case, the government will continue to work with the private sector to explore ideas for future patch possibilities.

Neuberger is also so-called SolarWinds hack, A Russian hacker suspect has violated at least nine different federal agencies. AP reported this week Hackers can now access email accounts owned by the Trump administration’s Head of Homeland Security and members of the ministry’s cybersecurity staff who include foreign hunting threats in their work.

Neuberger said some of the nine affected agencies had “gaps” in their basic cybersecurity defenses, hampering officials’ ability to determine what hackers had access to. ..

She reviewed how SolarWinds hacks occurred and found five specifics, including the use of technology to continuously monitor malicious activity and increased use of multi-factor authentication to prevent access to the system. He said he identified a modernization effort in. Only stolen passwords.

The threat to critical infrastructure came in February A failed attempt by a hacker to poison a water supply in a small city in Florida It warned how vulnerable the country’s utilities were to attacks by more sophisticated intruders.

Local sheriffs said that when an unknown hacker temporarily increased the amount of lye (sodium hydroxide) by a factor of 100 using a remote access program shared by factory workers, the water supply for Oldsmer with a population of 15,000 Said that was temporarily endangered. It is used to reduce acidity, but at high concentrations it is very caustic and can burn. It is contained in the drain pipe cleaning agent.

A supervisor monitoring the plant console around 1:30 pm saw the cursor move over the screen to change settings and was able to quickly get it back. The intruder entered and exited in 5 minutes. Experts say that suspicious cases are rarely reported and are usually chalked to mechanical or procedural errors. There are no federal reporting requirements, and state and local rules vary widely.

The country’s 151,000 public water systems lack the financial strength of corporate owners of nuclear power plants and utilities. They are heterogeneous patchwork and have less uniformity of technology and security measures than in other rich countries.

on Wednesday, Federal prosecutor indicts a man in Kansas They said they had access to protected computer systems in rural water districts without permission and “performed activities to shut down facility processes affecting facility cleaning and disinfection procedures.”