Monday, July 13, 2020

Army ROWPU Hacked in Iraq

A thread on a logistics discussion board on REDDIT about a water supply issue for a US Army unit in Iraq claims that a cyberattack on a reverse osmosis water purification unity (ROWPU) employed by the 248th Composite Supply Company caused it to stop functioning. Reportedly the Army has had to provide emergency water supplies to the unnamed unit. The Army has refused to comment on the reported incident.

 

The ROWPU is supposed to be a slightly modified version of Robotron Wasseraufbereitungsanlage (WABA) unit. Robotron recently released a security advisory for their WABA unit. According to that advisory there are multiple vulnerabilities in the unit that could be remotely exploited. The advisory explains that exploits could allow the unit to become over pressurized and damage the filtration cartridges.

 

Robotron spokesman Erich Mielke confirmed that the WABA advisory had recently been published on their web site. “The advisory includes mitigation measures to address the vulnerabilities and Robotron continues to work on updated firmware for the equipment,” Mielke said.

 

When asked if the US Army had been notified of the vulnerabilities, Mielke told this reporter: “We published the advisory on our web site. System owners are responsible for monitoring that site and taking appropriate actions.”

 

Kate Libby, a spokesperson for Dragonfire Cyber, confirmed that the Robotron disclosure process was fairly common in the industry. “I am surprised that a military contract would not include a vulnerability disclosure requirement for the vendor, but it could certainly happen,” Libby said.

 

When asked about the mitigation measures outlined in the Robotron advisory, Ms. Libby explained that the generic mitigation measures included not using the remote operation capabilities provided with the unit. She noted: “It would be impracticable to stop using the remote operation controls on a unit employed in Iraq. It would require keeping a person stationed at the unit during routine operations in 120˚ daytime temperatures.”

 

CAUTIONARY NOTE: This is a future news story –


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)