May 10th 2023
At #HackTheCapitol, EPA cyber branch chief Nushat Thomas says the EPA understands complaints from states and utilities that they lack the resources to comply with a new water cyber assessment rule.

She lists a bunch of resources and services that EPA offers.
Thomas: "We have training in place for those states who actually want to conduct the...assessment themselves." EPA developed a water-specific cyber checklist based on CISA's cross-sector cyber performance goals, "and we're training the states on how to utilize that checklist..."
EPA also made "an easy-to-use tool" that lets water utilities run through that checklist themselves.

Utilities can also register with the EPA to have the agency conduct the required assessments for them.
Apr 30th 2021
🧵on stealing TeamViewer credentials

Many organizations have systems with TeamViewer actively running; some know it and manage it correctly, others have no idea it is running or where. The latter probably have multiple versions. #redteam #blueteam #purpleteam #ThreatThursday 1/10
I started looking deeper into TeamViewer when @snlyngaas reported that a Florida water facility had been breached. A malicious actor used TeamViewer to log in and change the levels of sodium hydroxide. The plant operator saw this and no damage was done… 2/10
For those that speak @MITREattack we are talking about T1078 Valid Accounts:…
But how were these credentials obtained? We don't know, but @brysonbort spoke with #RSAC about it if you want more on the Florida water plant breach: 3/10
