Water Treatment Plant Hack Kicks Off RSA Conference

This year’s RSA cybersecurity conference in San Francisco kicked off Monday with a simulated ransomware attack on a water treatment plant and a new study showing nearly half of Americans think the U.S. is more vulnerable to cyberattacks under President Donald Trump.

The ransomware attack was launched by researchers at the Georgia Institute of Technology who were able to shut down valves, adjust chlorine levels and falsify readings in the simulated plant, according to a press release.

The demo combines two attack vectors that have caused high concern within the cybersecurity industry in recent years: ransomware attacks, in which attackers lock up and encrypt systems until the victim pays up, and critical infrastructure attacks that could cause massive damage and even loss of life.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Attacks against industrial control systems, such as water treatment plants, have long concerned government officials but are comparatively rare.  

Industrial control systems, many of which were not initially intended to be connected to the internet, are notorious for having weak security protections such as default passwords. However, ICS systems also rely on specialized architecture that few hackers are expert in.

“We are expecting ransomware to go one step farther, beyond the customer data to compromise the control systems themselves,” one of the Georgia Tech hackers, Ph.D. student David Formby said in a statement. “That could allow attackers to hold hostage critical systems such as water treatment plants and manufacturing facilities.”

Spectacular hacking demonstrations have become a mainstay of the RSA Conference in recent years.

Also on day one of RSA, a survey released by the cybersecurity firms Kaspersky Lab and HackerOne found that 44 percent of American adults think the nation is more vulnerable to cyber espionage or nation state-backed cyberattacks with Trump in office. The other 56 percent think the risk isn't higher than before. 

The survey also found that 63 percent of Americans between the ages of 25 and 43 think they should be personally responsible for ensuring their data is protected during online transactions while 74 percent of Americans over 55 believe retailers should be responsible for protecting their data. 

A separate survey from Moody’s Investors Service found that cybersecurity now ranks among top concerns for insurance agency executive boards