IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New York Water System Audit Finds Cybersecurity Flaws

An audit by the New York State Comptroller's Office found cybersecurity electronic access vulnerabilities for the water system in upstate Middleton, N.Y., using a simulated cyberattack to find holes in the defenses.

(TNS) — An audit by the New York State Comptroller's Office found cybersecurity electronic access vulnerabilities for the city of Middelton's water system.

Jacob Tawil, commissioner of public works for the city, said state-hired technology experts conducted a thorough investigation, including simulating a cyberattack on the city's water system, and found holes in the policies and procedures that could have allowed a hacker to tap into the city's networked water system.

"I don't say that about state audits all the time, sometimes I butt heads with them, sometimes we don't agree on everything, but this time it's absolutely timely, needed and it should be done if not annually every three-to-five years by the state to make sure every commitment made is implemented because there are really bad people out there," Tawil said Thursday.

"Adequate" policies and procedures were not in place to document information technology employee security duties, to guide employee usage of portable devices, or to require monitoring of networked water system devices, according to the state Comptroller's report from November. Technology security awareness training was also not provided to employees.

That has been or is in the process of being changed and addressed, Tawil said. Annual training for employees will be implemented and the city has contracted an IT firm to handle the city's water security systems. The council and the mayor have told Tawil if he needs additional resources to make improvements happen, he can have them, he said.

The city has 7,443 water connections, 28,400 customers and provided 811.3 million gallons of water production in 2017, according to the Comptroller's Office. It provided $6.7 million in metered water sales. The audit period was from Jan. 1, 2017, to Sept. 21, 2018.

©2019 The Times Herald-Record, Middletown, N.Y. Distributed by Tribune Content Agency, LLC.

Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.