Roxborough Water and Sanitation District Cybersecurity Update

On Monday morning Roxborough Water and Sanitation District (RWSD) received notice that a water utility in Oldsmar, Florida, had suffered a cyberattack during which a hacker was able to access its supervisory control and data acquisition (SCADA) system software and alter the amount of sodium hydroxide, a chemical routinely used in small doses during water treatment, to levels that would have made the water unsafe to use.

We know that, given the cyberattack RWSD suffered in August, we have a lot of trust to rebuild with the community, but we want to assure everyone that we have made significant improvements to the security of our IT system, specifically including our SCADA system.

Today the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) provided details on exactly what happened and issued specific recommendations for all water systems to implement. The hackers in the Florida case accessed the water treatment plant’s SCADA controls via the remote access software TeamViewer, which was installed on one of several computers that plant personnel used to conduct system status checks and to respond to alarms on issues that arose during the water treatment process. All computers used by water plant personnel were connected to the SCADA system and used an old version of Windows 7. In addition, all of the computers shared the same password for remote access and appeared to be connected directly to the internet without any type of firewall protection installed.

FBI/DHS Recommended Mitigation

  • Restrict all remote connections to SCADA systems, specifically those that allow physical control and manipulation of devices within the SCADA network. One-way unidirectional monitoring devices are recommended to monitor SCADA systems remotely.
  • Install a firewall software/hardware appliance with logging and ensure it is turned on. The firewall should be secluded and not permitted to communicate with unauthorized sources.
  • Keep computers, devices, and applications, including SCADA/industrial control systems (ICS) software, patched and up-to-date.
  • Use two-factor authentication with strong passwords.
  • Only use secure networks and consider installing a virtual private network (VPN).
  • Implement an update and patch management cycle. Patch all systems for critical vulnerabilities, prioritizing timely patching of Internet-connected systems for known vulnerabilities and software processing Internet data, such as Web browsers, browser plugins, and document readers.

RWSD System

RWSD follows these recommendations. There are sensors and alarms throughout the treatment process that notify operators immediately if there is something outside of normal operating parameters, and chemical doses have locked set points that can only be changed by the Operator in Responsible Charge. In addition, we are currently in the process of completing an independent, third-party review of our cybersecurity system through the District’s insurance provider. The entire team at RWSD is committed to the #1 priority of providing safe drinking water to the community.

Barb