Jacob Tawil, commissioner of public works for the city, said state-hired technology experts conducted a thorough investigation, including simulating a cyberattack on the city's water system, and found holes in the policies and procedures that could have allowed a hacker to tap into the city's networked water system.
"I don't say that about state audits all the time, sometimes I butt heads with them, sometimes we don't agree on everything, but this time it's absolutely timely, needed and it should be done if not annually every three-to-five years by the state to make sure every commitment made is implemented because there are really bad people out there," Tawil said Thursday.
"Adequate" policies and procedures were not in place to document information technology employee security duties, to guide employee usage of portable devices, or to require monitoring of networked water system devices, according to the state Comptroller's report from November. Technology security awareness training was also not provided to employees.
That has been or is in the process of being changed and addressed, Tawil said. Annual training for employees will be implemented and the city has contracted an IT firm to handle the city's water security systems. The council and the mayor have told Tawil if he needs additional resources to make improvements happen, he can have them, he said.
The city has 7,443 water connections, 28,400 customers and provided 811.3 million gallons of water production in 2017, according to the Comptroller's Office. It provided $6.7 million in metered water sales. The audit period was from Jan. 1, 2017, to Sept. 21, 2018.
©2019 The Times Herald-Record, Middletown, N.Y. Distributed by Tribune Content Agency, LLC.