IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
I also think it is an important wake-up call. I can't believe that there was such an obvious vulnerability in such an important public utility. Apparently this attack was launched by hackers in Russia. It could be replicated by hackers from Iran, North Korea, or anywhere else. I think these Russian hackers did us a favor by exposing the vulnerability present in a small water system. Considering the publicity, other H2O systems would have to be complete and utter idiots not to reexamine their security procedures in light of this. Especially any that are foolish enough to have internet facing server frontends.
First of all, the freakin' IP address used to hack the system was in Russia. Haven't people heard of IP address filtering. It's a good start, and pretty darn standard for companies that utilize remote assistance to require it be performed from a static IP. Secondly, why the heck wouldn't critical systems, like, ohhhh, fresh water systems, have one-way VPNs in place. It isn't rocket science.
In the BBC article that was linked to the original question, there was an interview from Threat Post with the purported hacker, and he claimed to have access to the control system for a waste water treatment plant in Texas. The hacker said that it wasn't even really deserving of the term "hack" in light of the three (THREE!) character password chosen to "protect" the system. If people are really being that sloppy and/or lazy, we really do have a serious issue that must be addressed ASAP!