Register now and join us at the beach in May!

This annual event is the highlight of each year for us as well as our members. It provides an opportunity to meet old friends, make new ones, and engage in the critical dialogues so pivotal to the health and well-being of the residents of Maryland. We feature professional training classes, excellent speakers, a top-notch Exhibit Hall, entertainment and socializing opportunities throughout the schedule.

Register Today!

Cyber Security Alert

Compromise of U.S. Water Treatment Facility

On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI).

 

click here to read the full advisory: https://us-cert.cisa.gov/sites/default/files/publications/AA21-042A_Joint%20Cybersecurity%20Advisory_Compromise%20of%20U.S.%20Water%20Treatment%20Facility.pdf

EPA’s cybersecurity webpage: https://www.epa.gov/waterriskassessment/epa-cybersecurity-best-practices-water-sector

Cyber Incident Action Checklist: https://www.epa.gov/sites/production/files/2017-11/documents/171013-incidentactionchecklist-cybersecurity_form_508c.pdf