Hackers Penetrate Water System Computers

October 30, 2006 3:15 PM

A foreign hacker who penetrated security at a water filtering plant near Harrisburg, Pa., is under investigation by the FBI for planting malicious software capable of affecting the plant's water treatment operations, ABC News has learned.

The hacker tried to covertly use the computer system as its own distribution system for e-mails or pirated software, officials told ABC.   

"The concern was high because it is a computer that controls an important infrastructure system, and if, for some reason, it caused it to fail, it would have disrupted service," said Special Agent Jerri Williams of the FBI's Philadelphia field office.   

The Columbus Day weekend intrusion is the fourth recorded cyber-attack on a U.S. water supply in the past four years, according to the records of WaterISAC, an industry information sharing and analysis center with members from among more than 1,000 drinking water and wastewater systems in the United States.

The hacker operating on the Internet tapped into an employee's laptop and then used an employee's remote access as the point of entry and installed a virus and spyware in the water plant computer system.  Following the intrusion, the plant changed all passwords to the system and eliminated home access to the system. 

"This is very common...computer hackers try to gain control of systems to use them as a resource to distribute e-mails, pirated software. It does not appear that this particular computer was hacked into for any other reason," said Special Agent Williams.

In one of three past attacks cited by WaterISAC, hackers used a Korea-based telecom to launch a denial of service attack on one water supply. In a second, they penetrated a top-level data control and acquisition system on a California irrigation district wastewater treatment plant. And in a third, they announced their entry into the computer system with a message, "I enter in your server like you in Iraq."

"We are seeing an increase in reporting," said WaterISAC Executive Director Diane Van De Hei. Prior to Sept. 11, 2001, most of the incidents were managed locally, she said.

WaterISAC was established in December 2002. The private sector group uses "push" e-mail technology to distribute information from the Department of Homeland Security, EPA and other government agencies to more than 10,000 clients in the water utility sector.

According to a 2006 Computer Crime and Security Survey by the San Francisco-based Computer Security Institute, 52 percent of 616 survey respondents reported unauthorized use of their computer systems in the past 12 months.

User Comments

When you fine the person, since he likes to play with water systems, let's do some waterboarding with him. Maybe his fondness for playing with water will change.

Posted by: ruben lopez | Oct 30, 2006 3:56:36 PM

This is absolutely the most outrageous & scariest report I have ever seen since the public water system virtually reaches every household & citizen in America. And human beings are 80% water!!! How smart is it America that George Bush, Richard Cheney, Donald Rumsfeld, Paul Wolfowitz, and Michael Hayden are allowed to continue to commit epic criminal deceptions to further a NEO-CON REPUBLICAN Agenda, further irritate a Hornet's Nest in The Middle East while personally pocketing trillions that could be spent on a Perfect, Pure, and Secure National Water System. I believe that Water System Security is "The Most Urgent & Important" infrastructure project in the United States of America that we should spend those trillions on perfecting and securing since that is one of the few systems that enters into every U.S. citizen's home and whose product enters into every U.S. citizen's body. My fellow Americans, you have 7 days to make up your mind: If you want to continue spending trillions on IRAQ while enriching George Bush Sr., George Bush Jr., Richard Cheney, Donald Rumsfeld, Paul Wolfowitz, and Michael Hayden then vote 100% REPUBLICAN. If you want to stop spending trillions on IRAQ while enriching the Military Industrial "FAT CATS" and spend those trillions on AMERICA FIRST to perfectly upgrade, purify, protect, and secure the United States of America's Water Supply Infrastructure System then vote 100% Democratic for AMERICA FIRST. IT REALLY IS THAT SIMPLE!!!!

Posted by: Todd Restelli | Oct 30, 2006 4:40:24 PM

um i have a well in a very deep aquifer so let them play their games....lol

Posted by: WELLBOY | Oct 30, 2006 4:48:59 PM

What did this story have to do with the Republicans or George Bush? Absolutely nothing.

Posted by: SamJ | Oct 30, 2006 6:06:10 PM

Mandrake, there's a reason the Russkies drink vodka - they won't risk polluting their own precious bodily fluids.

-- Jack T. Ripper, in launching a NORAD attack in "Dr. Strangelove"

Posted by: Van Diesel | Oct 30, 2006 6:27:15 PM

This story has to do with protecting Americans against "REAL THREATS" and allocation of trillions of dollars of the Citizens of The United States of America. The current NEO-CON controlled White House, Senate, and Congress has failed to address & nullify "REAL THREATS" to America and all of humanity and they have defrauded Congress and the United States of America and its citizens and have spent 3 trillion dollars in five years on what? just when 1/3 of our population (baby boomers) will start retiring. In the "REAL WORLD" when employees fail to perform their job after 1 year (it has now been 5) they are FIRED!!! In the "REAL WORLD" when citizens commit crimes they are arrested, indicted, tried, and either acquitted or convicted. George Bush Jr., Richard Cheney, Dennis Hastert, Donald Rumsfeld, Paul Wolfowitz, and Michael Hayden have not performed their jobs and have committed TREASON, MURDER, FRAUD, CONSPIRACY, and some have lied to the FBI (a FELONY).

Posted by: Todd Restelli | Oct 30, 2006 7:50:34 PM

This is kind of hyped. It is likely that the intruder didn't know or care that it was a water filtering plant. The fact that the cracker installed code on the server that could have crashed it and "affected the plant's water treatment operations" is true, but hype. All this points out is that systems can be cracked, and that allowing remote VPN access into a company's network is just asking for this type of intrusion. The weakest link was the employee's laptop. We all know the only way to truly secure a system from remote attack is to unplug it.

Posted by: Hugh Jourbe | Oct 30, 2006 8:04:45 PM

At-a-boy Todd. You've nailed them. The republican political ads here in Texas are going naked.
Meaning, there is never a reference or identification of party affiliation if they are Republican. It's hilarious!!!

Posted by: Phyllis Culbert | Oct 30, 2006 8:15:38 PM

this hacker is smart. Water is important

Posted by: Waterboi | Oct 30, 2006 10:39:25 PM

Hi Phyllis if the REPUBLICANS have had TOTAL and UNACCOUNTABLE POWER for 5 years and are proud of their track record then why would they need to campaign naked??? You know what astonishes me is how easily these men manipulated & deceived CONGRESS, THE UNITED STATES OF AMERICA and its Citizens, and the whole world. I mean come on wouldn't you rather spend 3 trillion on AMERICA instead of IRAQ??? or even better yet since 1/3 of our population will start retiring shouldn't we have used those trillions to prepare for that????

Posted by: Todd Restelli | Oct 30, 2006 10:45:06 PM

WATER IS THE MOST IMPORTANT!!!! SECURITY & QUALITY FOR THE WATER SYSTEM SHOULD EQUAL THAT OF ANY NATIONAL CRITICAL INFRASTRUCTURE, ESPECIALLY SINCE THIS SYSTEM "ENTERS INTO" EVERY U.S. CITIZEN'S HOME & WORKPLACE AND "ENTERS INTO" EVERY U.S. CITIZEN'S BODY. HELLO, WE, AS HUMANS, ARE 80% WATER. SINCE YOUR BODY USES WATER TO CREATE ENERGY WOULDN'T YOU LIKE TO KNOW THAT THE LIFE FORCE IN WATER IS OF THE HIGHEST QUALITY, PERFECTLY PURE, AND ABSOLUTELY UNADULTERATED BY HOSTILE PARTIES. ANYONE WHO DISREGARDS THIS AS UNIMPORTANT AND WORKS IN GOVERNMENT SHOULD BE FIRED!!!!

Posted by: Todd Restelli | Oct 30, 2006 10:51:38 PM

What a joke - "Korean" infiltrators. Sure.

Next thing we know Korea will be harboring terrorists. Or do they already? LoL

Sounds more to me like the City of Harrisburg needs a new IT person with a brain. I mean, if a "hacker" can get past a security point from "Korea", even using a remote login through an employee's laptop, then they have a lot more problems than kiddie hackers.

I wouldn't be drinking the water in Harrisburg.

Posted by: Take Back the Capitol | Oct 31, 2006 12:46:31 AM

we are living in a REAL world, facing a mountain of threats coming from VIRTUAL world! The development ad nauseam of hi-techs are sometimes dangerous! be wary!

Posted by: Le Ngoc Anh | Oct 31, 2006 5:05:39 AM

Todd,

I read your response to the article about a water treatment facility compromised by a hacker, and was a bit taken aback at the position you adopted. A FOREIGN HACKER penetrates a domestic water treatment facility and it's somehow Bush's fault? I happen to be a security researcher and I will tell you first hand that this is not a failure of our government, or of the laws, or the economy, or anything else like that. It is a failure of the COMPANY that owns the water facility, and the TECHNOLOGY VENDORS that create such vulnerabilities in our products. Now, don't let that steer your attacks at them, a determined hacker will ALWAYS get in somehow. Anyone that wants to go after a target will have no problem doing it, it's only a matter of determination and time, and not a greater political issue.

While I can agree with you that some things going on in the government are not ideal, we can't blame the Republicans and Bush for every hang nail out there. Bush hatred and blaming people that are not responsible for petty criminal acts is no way to solve the problem. You obviously have a lot of passion, put it to good use at dozens of industry events I go to every year, the hundreds of customer meetings, and the thousands of emails that I have to go through all the time as someone that is truly trying to wake up the country and the world to the danger that exists within our critical infrastructure. Understanding the problem and then targeting the areas where you can actually do some good is the only way to go. Blaming without full understanding or without taking some kind of responsible action helps no one.

I can certainly appreciate your passion about the subject, I happen to be very passionate about this one as well, but I believe that throwing blame is no way to solve the problem, there are a number of us out there that are putting our blood, sweat, and lives into protecting everyone, including you, out there.

Posted by: Bryan Singer | Oct 31, 2006 8:08:35 AM

Looks like Todd Restelli needs to find something to occupy his time.

Posted by: Wes | Oct 31, 2006 10:15:40 AM

It's the Internet folks. If we did away with the Internet, we could prevent this type of attack.

No, wait, I like my Internet access too much. How else could I blame the Republicans for this debacle.

Oops, maybe it's the Democrats. I read someplace that Clinton's neglect of security in the 1990s caused the current state of affairs.

But come to think of it, this could be North Korea. Mind you, I didn't know anything about North Korea when my only source of knowledge was the old-fashioned book. Now with the Internet, though, I am an expert...at least in this blog.

By golly, I just said Internet. Isn't that what we have to blame? Or is it Al Gore who invented the Internet?

Posted by: gus | Oct 31, 2006 10:15:50 AM

Get a Life! to all those Bush hating people who think everything is a federal issue. Who use blogs to push their outdated liberal "I'll take your money in taxes" and grow the economy. Your time is better spent going to school and taking Economics 101!

Posted by: it's getting old | Oct 31, 2006 11:58:00 AM

Oh yes, blame Bush and the Republicans. How idiotic. Yes, and also the high prices for Gas is Bush's fault and the failing economy.

Guess what people? We are responsible for ourselves. Don't scapegoat. Fix it.

BTW, no one blames the Pres when gas prices fall and the economy booms...LIKE NOW.

Posted by: Josh | Oct 31, 2006 12:06:05 PM

It's guys like Todd that make politics so despicable. In your minds, anything that happens is a good chance to attack your political opponents in a sorry attempt to further your own political agenda, be it nomination or just winning favor for a particular political party.

And also, don't be so quick to assume that spending a ridiculous amount of money on computer systems will make them untouchable. There is no such thing as a perfectly safe computer system. Period. If it transfers data, there is a way to take control of it. This does not mean I am supporting the war in Iraq, nor am I claiming to be against it. That is a totally separate matter, and has NOTHING to do with a cyber miscreant trying to spread spam and pirated software.

And turn off your damned caps lock key. YOU DON'T NEED TO YELL EVERYTHING THAT GOES THROUGH YOUR MIND!!! That's just annoying.

Posted by: Zach West | Oct 31, 2006 12:27:48 PM

I think the easiest way to solve this type of hacker problem is to simply have a SEAL team give them a 'bon voyage' party.

Any type of attack on a security asset such as a water treatment plant should be handled as a terrorist activity. Intended or not, these hackers could have done some serious damage, and as a society we cannot allow them to get the impression that such attacks will be tolerated.

Once hackers realize the stakes involved, I think most of these pimple faced geeks will decide to put their talents to better use (such as hacking the RIAA website).

Posted by: e | Oct 31, 2006 12:51:02 PM

please we are lucky - this is being reported maybe 10% of the time. 90% of the time the Gov has no idea WHAT is on their network.
this is at a Water plant in PA, do you think for one minute that a plant in New York City is any safer? We need to stop pointing fingers and get this fixed.

Posted by: ELITE | Oct 31, 2006 1:07:18 PM

Todd,

Please go back and read the comment from Hugh Jourbe. There is no way for someone in Korea, or Iraq, or Iran, or (fill in your favorite foreign enemy here) to hack into a system that is not connected to the 'net. The only people responsible for this are the folks in charge of the water facility; you can't blame Bush, The Donald (Rumsfeld, that is) or any other politico. If the water people want easy remote access, this is the risk they run.

Or are you suggesting that the entire Republican Party is in charge of all infrastructure, everywhere? If they're not, they're not responsible.

Posted by: Walker Evans | Oct 31, 2006 1:40:48 PM

How can the Republicans be in charge of the network infrastructure if Al Gore invented the Internet? Doesn't that give him ownership rights? I doubt he would have sold them....

Posted by: l33t | Oct 31, 2006 2:14:38 PM

Looks like Todd thinks he has to scream in order to be heard. If what you have to say is worth listening to you shouldn't have to scream to be heard.

Posted by: Jack McComb | Oct 31, 2006 2:27:32 PM

Unfortunately, this is far from an uncommon event. Our organization, in concert with numerous government agencies, has been researching SCADA security and compiling undocumented intrusions for years now in an effort to provide products that protect against them. We have found that the problem is extremely pervasive and ubiquitous across many critical verticals, and not just commonly noticed ones such as power generation and water treatment. The most frightening component is the ease with which these network intrusions are accomplished. The systems in place to operate global Critical Infrastructure are antiquated and simply not designed with advanced security protocols in place to protect these SCADA and process control networks.

I am not here to hand wave, as there are many concerted efforts and security initiatives being put in place to address this issue. But we must realize that the problem lies not in identifying and protecting against the known vulnerabilities, it’s in our ability to think like a hacker and staying ahead to shore up the holes we don't yet know are there. It’s a fact that the companies and people who manufacture, deploy, and operate the control systems which we rely on are highly-skilled control engineers, and not insidious hackers, which one has to assume adds to the complexity of the overall issue – the balance between operational integrity and security. In any event, rest assured that there are very smart people working on this extremely important problem.

Posted by: SCADA Guy | Oct 31, 2006 3:02:09 PM

First of all, it is not Clinton's responsibility for lack of Internet security. It is Al Gore's because he invented the Internet!

Secondly, I am surprised that the Harrisburg Water System needs computers except for billing. The city's water system is gravity fed. A billion gallon reservoir feeds two covered 8MM gallon reservoirs at the highest point in town. Water is gravity fed to all customers. How many computers does it take to control gravity? OK, they do filter the water just in case some bear crap or deer urine finds its way into the mountain streams that feed the reservoir. And they may add chlorine from time to time, but they could throw away the computers and the system would still operate just like it did in the early 1950's.

Posted by: Big Bad John | Oct 31, 2006 4:06:45 PM

The absolute disgrace is the fact that people try to take any event of this nature and attempt to play it into a political circus for the voting week. Bush, Rumsfeld, etc. have absolutely NO control over the vulnerabilities that lie in software. You can thank Microsoft for 90% of the computer security problems. Bush is not a system administrator and Rumsfeld is not a programmer. How you slanderous fools deep 6 the BS spin, twists and lies, and put some of this obnoxious energy into something useful, rather than trying to sway votes on every little incident to come down the pipes. No pun intended.

Posted by: johnny b | Oct 31, 2006 6:27:14 PM

With all due respect to the above comments from those that surely must not have read the end of paragraph 7 of the original article I am 100% sure that each and every informed citizen of the United States of America would agree that U.S. National Water System Perfection, Purity, and Security should be "THE MOST IMPORTANT INFRASTRUCTURE ISSUE" since that system "enters into" each and every U.S. citizen's home & workplace and whose product "enters into" each and every U.S. citizen's body. FAILURE IS NOT AN OPTION, UNACCOUNTABILITY IS NOT AN OPTION, AND SPENDING TRILLIONS ON THE FRAUDULENT NON-THREAT OF IRAQ WHILE ENRICHING MILITARY INDUSTRIAL "FAT CATS" AT THE EXPENSE OF WATER SYSTEM INTEGRITY, PERFECTION, PURITY, AND SECURITY IS "CRIMINAL" AND "OUTRAGEOUS".

Posted by: Todd Restelli | Oct 31, 2006 6:32:51 PM

Good grief, I'm surrounded by morons. Do any of you actually believe that an email server would be hooked up to the same network as the water treatment control system? Ngh-arg! That's like assuming the Air Traffic Control Towers can be hacked because, after all, they have computers in them. Geeez! This is petty tripe that only made it to the news because it's a public utility.

So here's the nightmare scenario for all you fear-mongers: Crazed Iranians from North Korea hack into the water supply system and direct the robot arm conveniently dangling over the vat with a vial of anthrax to drop its load. All water-guzzling Americans die within a week. Iran/North Korea launches an attack against the few drunks left behind that had the foresight to swill nothing but beer. We'd beat 'em anyway. Eeeeee-Haaa!!!

"I should have destroyed this pathetic planet when I had the chance back in '51." - GORT

Posted by: GORT | Oct 31, 2006 6:50:18 PM

No, Todd. There was no mistake. You very plainly tried to blame republican leadership for flaws in software which they had absolutely NOTHING to do with the design or installation of. You claimed, quite clearly that it is republican fault that this machine got hacked, and turned it into yet another slanderous "Vote Democrat" propaganda. People like you really need to get out and get educated on the matters they wish to address before trying to turn it into agenda driven hoo-haa.

Posted by: johnny b | Oct 31, 2006 8:10:58 PM

Though I am not totally illiterate about computers and how one can get access to other computers, it did give me a scare to think that someone could actually cause everyone a lot of harm through tapping into a computer such as the one that deals with the water supply for everyone. You never think about them taking that route. It really gives one something to think hard about now.

Posted by: Cheryl Ross | Nov 1, 2006 8:45:42 AM

The article "Hacker Penetrates Water System Computer" is not correct. A Harrisburg treatment plant was not hacked into. Mr. Esposito has been notified but has refused to make the correction. Now the incorrect information is spreading. I expect more from ABC News.

Posted by: Diane VanDe Hei | Nov 1, 2006 11:44:22 AM

I'm not naive or gullible, but Todd has something. We've spent Billions in Iraq stirring up a hornet's nest, and patted our back here on how much safer we are, while ignoring real threats and holes in security.

No, Bush didn't hack the computer or leave it plugged in to be hacked, but he did say he was winning the War on Terror, when we all know it's just begun.

The fault of the Repubs is in the record. They cut taxes, quadrupled spending, bought some police dogs new kevlar vests, and pat themselves on the back for being "Tough on Terror".

Posted by: Dewbacca | Nov 3, 2006 2:58:56 AM

Todd,
Get a grip. There are thousands of water systems in the US, all operating independently of each other. Planting a virus or spyware on one computer in one system does not put our entire drinking water infrastructure at risk. Besides even if a hacker could take control of a system, about the worst he could do is shut it down, and that would only be for a few hours at the most, until the employees restored manual operation.
Your ranting brings back memories of the Y2K fiasco perpetuated in the late 90s that was going to shut down all the utilities in the country because the "government" hadn't done anything to correct the "bug". (BTW, I believe Clinton/Gore were "the government" back then).
As previous commenters have said, until you know what you are talking about, keep quiet and find something useful to do.

Posted by: abc | Nov 3, 2006 9:01:53 AM

I blame Reagan.

Posted by: Mr Man | Nov 6, 2006 9:11:39 AM

Amazing how you folks (the media) can look yourselves in the eye every morning and say you're professionals. It's so clear how you skew the truth and twist and obfuscate to further an agenda in support of your political views rather than being JOURNALISTS and chronicling historical, global, and local events in an unbiased and impartial fashion as the title implies. I also find it ironic how you covet a prize named after one of the biggest yellow journalists to ever disgrace the business... Joseph Pulitzer. It is true that no one ever confused a journalist with being intelligent.... quite comical actually...

Posted by: It figures | Nov 14, 2006 9:56:19 AM

The constant tension over meeting demand for the insatiable needs of industry and consumers for water supplies shows no signs of abating as also the heated debate on here shows. In recent times, concerns about supply have seen prices spike, and no end is in sight. However, with limited supplies and extreme shortages over the hot summer months, it is important that the industry and the government notes the potential threat posed to these vital industrial networks. These networks are based on standard Ethernet technology and just like in an office network viruses and malware can disable water supply; create havoc for energy suppliers and their customers. Security solutions for these industrial networks need to be implemented now and bolt-on devices that can be installed whilst the network is running will be ideal.

Posted by: Joachim Fiets | Nov 23, 2006 11:09:17 AM

The water plant system hack is an example of system control and data acquisition (SCADA) vulnerability.

SCADA systems did not consider security in their design; they were discrete, separate from the corporate LAN. Most SCADA systems are older, and have been very reliable, slowing the pace of development in their security. It is unlikely the average person is aware of how readily are SCADA systems exposed if security is not thoroughly considered.

Retrofitting security appliances is a start, but is a bandaid.

Posted by: C Mitchell | Dec 4, 2006 7:45:19 AM

Roger check it out

Posted by: Carter Davvis | Jan 24, 2008 1:42:35 PM