this post was submitted on 14 Feb 2024
77 points (100.0% liked)

Technology

59963 readers
3387 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

On July 25, 2023, the states of Missouri, Arkansas, and Iowa, along with intervenors American Water Works Association and National Rural Water Association, petitioned the Eighth Circuit to review the EPA’s new rule. This rule requires states to review and report cybersecurity threats to their public water systems (PWS).

The states’ brief argues that the EPA’s Cybersecurity Rule unlawfully imposes new legal requirements on states and PWSs. It also contends that the rule exceeds the EPA’s statutory authority by ignoring congressional actions that limit cybersecurity requirements to large PWSs and by changing the criteria for sanitary surveys through a memorandum

And then there a bunch of PLCs at water utilities compromised:

https://www.politico.com/news/2023/11/28/federal-government-investigating-multiple-hacks-of-us-water-utilities-00128977

https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems

https://apnews.com/article/water-utilities-hackers-cybersecurity-1c475f5d2ef3b5d52410c93bdeab3aad

https://www.bleepingcomputer.com/news/security/hackers-breach-us-water-facility-via-exposed-unitronics-plcs/

So many more...

Now, I can understand arguments about jurisdictions, but would the exact same requirements coming from CISA instead of the EMP have been OK, or where these places just whining about any kind of oversight? At the end of the day, they look a little foolish.

top 7 comments
sorted by: hot top controversial new old
[–] SnotFlickerman@lemmy.blahaj.zone 21 points 10 months ago (1 children)

They're Republicans. Reality doesn't matter, only Power and Party.

They'll gladly shoot themselves in the foot as long as it hurts poor people more.

[–] Adalast@lemmy.world 3 points 10 months ago

So what I'm hearing is that any cyber "vindication" should be targeted at the highest income communities in the states. Gotcha.

[–] code@lemmy.zip 7 points 10 months ago (1 children)

Well i think its a little of both. Technically i think epa overstepped its authority, but CISA is the exact place it should come from. Ideally any agency like this would work with CISA who has the mandate. Its certainly complicated when you get into an agency “making law” and theres a case in front of the supreme court now that could disrupt all of that.

[–] redfox@infosec.pub 4 points 10 months ago

That's a good point. There's law and then there's administrative policies.

I agree with the assertion that the mandate was probably more in CISAs realm.

In the end, it needed to happen. Maybe administrations will consider being less petty and just doing what everyone knows needs to be done. Ha ha. Right.

[–] abhibeckert@lemmy.world 4 points 10 months ago (1 children)

The term you're looking for is "vindication".

[–] redfox@infosec.pub 3 points 10 months ago (1 children)
[–] PipedLinkBot@feddit.rocks 1 points 10 months ago

Here is an alternative Piped link(s):

Vindication! -Cpt Holt, Brooklyn 99

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.