please we are lucky - this is being reported maybe 10% of the time. 90% of the time the Gov has no idea WHAT is on their network.
this is at a Water plant in PA, do you think for one minute that a plant in New York City is any safer? We need to stop pointing fingers and get this fixed.

Todd,

Please go back and read the comment from Hugh Jourbe. There is no way for someone in Korea, or Iraq, or Iran , or (fill in your favorite foreign enemy here) to hack into a system that is not connected to the 'net. The only people responsible for this are the folks in charge of the water facility; you can't blame Bush, The Donald (Rumsfeld, that is) or any other politico. If the water people want easy remote access, this is the risk they run.

Or are you suggesting that the entire Republican Party is in charge of all infrastructure, everywhere? If they're not, they're not responsible.

How can the Republican's be in charge of the network infrastructure if Al Gore invented the Internet? Doesn't that give him ownership rights? I doubt he would have sold them....

Looks like Todd thinks he has to scream in order to be heard. If what you have to say is worth listening to you shouldn't have to scream to be heard.

Unfortunately, this is far from an uncommon event. Our organization, in concert with numerous government agencies, have been researching SCADA security and compiling undocumented intrusions for years now in an effort to provide products that protect against them. We have found that the problem is extremely pervasive and ubiquitous across many critical verticals, and not just commonly noticed ones such as power generation and water treatment. The most frightening component is the ease in which these network intrusions are accomplished. The systems in place to operate global Critical Infrastructure are antiquated and simply not designed with advanced security protocols in place to protect these SCADA and process control networks.

I am not here to hand wave, as there are many concerted efforts and security initiatives being put in place to address this issue. But we must realize that the problem lies not in identifying and protecting against the known vulnerabilities, it’s in our ability to think like a hacker and staying ahead to shore up the holes we don't yet know are there. It’s a fact that the companies and people who manufacture, deploy, and operate the control systems which we rely on are highly-skilled control engineers, and not insidious hackers, which one has to assume adds to the complexity of the overall issue – the balance between operational integrity and security. In any event, rest assured that there are very smart people working on this extremely important problem.

First of all, it is not Clinton's responsibility for lack of Internet security. It is Al Gore's because he invented the Internet!

Secondly, I am surprised that the Harrisburg Water System needs computers except for billing. The city's water system is gravity fed. A billion gallon resivoir feeds two covered 8MM gallon resivoirs at the highest point in town. Water is gravity fed to all customers. How many computers does it take to control gravity? OK, they do filter the water just in case some bear crap or deer urine finds its way into the mountain streams that feed the resivoir. And they may add chlorine from time to time, but they could throw away the computers and the system would still operate just like it did in the early 1950's.

The absolute disgrace is the fact that people try to take any event of this nature and attempt to play it into a political circus for the voting week. Bush, Rumsfeld, etc. have absolutely NO control over the vulnerabilities that lie in software. You can thank microsoft for 90% of the computer security problems. Bush is not a system administrator and Rumsfeld is not a programmer. How you slanderous fools deep 6 the BS spin, twists and lies, and put some of this obnoxious energy into something useful, rather than trying to sway votes on every little incident to come down the pipes. No pun intended.

With all due respect to the above comments from those that surely must not have read the end of paragraph 7 of the original article I am 100% sure that each and every informed citizen of the United States of America would agree that U.S. National Water System Perfection, Purity, and Security should be "THE MOST IMPORTANT INFRASTRUCTURE ISSUE" since that system "enters into" each and every U.S. citizen's home & workplace and whose product "enters into" each and every U.S. citizen's body. FAILURE IS NOT AN OPTION, UNACCOUNTABILITY IS NOT AN OPTION, AND SPENDING TRILLIONS ON THE FRAUDULENT NON-THREAT OF IRAQ WHILE ENRICHING MILITARY INDUSTRIAL "FAT CATS" AT THE EXPENSE OF WATER SYSTEM INTEGRITY, PERFECTION, PURITY, AND SECURITY IS "CRIMINAL" AND "OUTRAGEOUS".

Good grief, I'm surrounded by morons. Do any of you actually believe that an email server would be hooked up to the same network as the water treatment control system? Ngh-arg! That's like assuming the Air Traffic Control Towers can be hacked because, after all, they have computers in them. Geeez! This is petty tripe that only made it to the news because it's a public utility.

So here's the nightmare scenario for all you fear-mongers: Crazed Iranians from North Korea hack into the water supply system and direct the robot arm conveniently dangling over the vat with a vial of anthrax to drop it's load. All water-guzzling Americans die within a week. Iran/North Korea launches an attack against the few drunks left behind that had the foresight to swill nothing but beer. We'd beat 'em anyway. Eeeeee-Haaa!!!

"I should have destroyed this pathetic planet when I had the chance back in '51." - GORT

No, Todd. There was no mistake. You very plainly tried to blame republican leadership for flaws in software which they had absolutely NOTHING to do with the design or installation of. You claimed, quite clearly that it is republican fault that this machine got hacked, and turned it into yet another slanderous "Vote Democrat" propaganda. People like you really need to get out and get educated on the matters they wish to address be4fore trying to turn it into agenda driven hoo-haa.

Though I am not totally illiterate about computers and how one can get access to other computers, it did give me a scare to think that someone could actually cause everyone a lot of harm throught taping into a computer such as the one that deals with the water supply for everyone. You never think about them taking that route. It really gives one something to think hard about now.

The article "Hacker Penetrates Water System Computer" is not correct. A Harrisburg treatment plant was not hacked into. Mr. Esposito has been notified but has refused to make the correction. Now the incorrect information is spreading. I expect more from ABC News.

I'm not naive or gullible, but Todd has something. We've spend Billions in Iraq stirring up a hornet's nest, and patted our back here on how much safer we are, while ignoring real threats and holes in security.

No, bush didn't hack the computer or leave it plugged in to be hacked, but he did say he was winning the War on Terror, when we all know its just begun.

The fault of the Repubs is in the record. They cut taxes, quadrupiled spending, bought some police dogs new kevlar vests, and pat themselves on the back for being "Tough on Terror".

Todd,
Get a grip. There are thousands of water systems in the US, all operating independently of each other. Planting a virus or spyware on one computer in one system does not put our entire drinking water infrastructure at risk. Besides even if a hacker could take control of a sytem, about the worst he could do is shut it down, and that would only be for a few hours at the most, until the employees restored manual operation.
Your ranting brings back memories of the Y2K fiasco perpetuated in the late 90s that was going to shut down all the utilities in the country because the "government" hadn't done anything to correct the "bug". (BTW, I believe Clinton/Gore were "the government" back then).
As previous commentors have said, until you know what you are talking about, keep quiet and find something useful to do.

I blame Reagan.

Amazing how you folks (the media) can look yourselves in the eye every morning and say you're professionals. Its so clear how you skew the truth and twist and obfuscate to further an agenda in support of your political views rather than being JOURNALISTS and chronicling historical, global, and local events in an unbiased and impartial fashion as the title implies. I also find it ironic how you covet a prize named after one of the biggest yellow journalists to ever to disgrace the business... Joseph Pulitzer. It is true that no one ever confused a journalist with being intelligent.... quite comical actually...

The constant tension over meeting demand for the insatiable needs of industry and consumers for water supplies shows no signs of abating as also the heated debate on here shows. In recent times, concerns about supply have seen prices spike, and no end is in sight. However, with limited supplies and extreme shortages over the hot summer months, it is important that the industry and the government notes the potential threat posed to these vital industrial networks. These networks are based on standard Ethernet technology and just like in an office network viruses and malware can disable water supply; create havoc for energy suppliers and their customers. Security solutions for these industrial networks need to be implemented now and bolt-on devices that can be installed whilst the network is running will be ideal.

The water plant system hackis an example of system control and data acquisition (SCADA) vulnerability.

SCADA systems did not consider security in their design; they were discrete, separate from the corporate LAN. Most SCADA systems are older, and have been very reliable, slowing the pace of development in their security. It is unlikely the average person is aware of how readily are SCADA systems exposed if security is not thoroughly considered.

Retrofitting security appliances is a start, but is a bandaid.

Roger check it out