This week we saw an attack against a city water system, in an attempt to poison the drinking water.

Many of us have been warning about this for years.

How did this happen?
It must have been the work of sophisticated nation state attackers, it has to be hard to hack a water treatment plant because you know, people could die if that happened. The people in charge must take extra precautions, and have really good security practices in place to keep our drinking water safe. They must have been unable to prevent or avoid this attack.

These are all things that we hope would be true, unfortunately the reality of what actually happened is far more disturbing.

(Channeling my inner security Yoda) Sophisticated this attack was not, difficult to pull off was it not, prevented could have been, security basics lacking they were, practice good they did not.

What happened was a multitude of failures in requiring and implementing the most basic and foundational of security controls.

We have reached a point in our technology journey as a society, that we need to pause for one moment and take stock of the giant mess we have created.

We need to figure out what minimum safety standards are needed for critical infrastructure.

We need to ask ourselves should the things that can kill us be connected to the internet in the first place?

Knowing that the security posture of the affected water treatment plant, borders on gross and willful negligence, what should the legal and criminal consequences be for those who made these shit decisions in the first place.

It's 2021 and computers can kill you, so let's act accordingly.

We will be discussing this and more tonight on the Security Shit Show, join us for what is guarantied to be a lively discussion, and you never know Chris may do some show and tell as well.