<p>A hacker remotely accessed a water treatment plant in Florida and tried to poison the water supply, according to local police. The intrusion occurred at a water treatment plant in Oldsmar, Florida, which is home to about 15,000 people, according to Pinellas County Sheriff Bob Gualtieri. Last Friday, an operator at the facility noticed some suspicious activity: an unknown user had remotely gained access to a computer system that controls chemical processes at the plant. The mysterious culprit spent three to five minutes accessing various functions on the computer, including one that controls how much sodium hydroxide, also known as lye, is added to the water.</p>
<p>This event reinforces the increasing need to authenticate not only users but the devices and machine identities that are authorized to connect to an organization’s network. If your only line of protection is user authentication, it will be compromised. It’s not necessarily about who connects to the system, but what that user can access once they’re inside. If the network could have authenticated the validity of the device connecting to the network, the connection would’ve failed because hackers rarely have possession of authorized devices. This and other cases of hijacked user credentials can be limited or mitigated if devices are issued strong, crypto-derived, unique credentials like a digital certificate. In this case, it looks like the network had trust in the user credential but not in the validity of the device itself. Unfortunately, this kind of scenario is what can happen when zero trust is your end state, not your beginning point.</p>
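<p>The device-credential control described in the comment above, as an added example that is not part of this article or of any commenter's statement: a Go program in which a plant gateway requires every connecting device to present a certificate issued by the plant's own device CA (mutual TLS), so that a stolen or guessed user credential is not enough on its own. The CA, gateway and device names ("Plant Device CA", "scada-gateway", "operator-laptop-07", "Untrusted CA", "unknown-box") and the loopback setup are constructed for the demonstration. It checks three connections: one from a device holding an issued certificate, one that offers no device certificate at all (a session resting on user credentials alone), and one presenting a certificate minted by an issuer the plant never trusted.</p>

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert issues a P-256 certificate for name: self-signed (a CA) when parent
// is nil, otherwise signed by parent. All names used below are constructed.
func makeCert(name string, isCA bool, parent *tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")}, // loopback demo only
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil { // self-signed: the template signs itself
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshakeAccepted runs a one-shot TLS server on loopback, connects once with
// clientCfg and reports the SERVER's verdict (a TLS 1.3 client finishes first).
func handshakeAccepted(serverCfg, clientCfg *tls.Config) bool {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err == nil {
			defer conn.Close()
			err = tls.Server(conn, serverCfg).Handshake()
		}
		verdict <- err
	}()
	if conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg); err == nil {
		conn.SetReadDeadline(time.Now().Add(2 * time.Second))
		conn.Read(make([]byte, 1)) // surfaces the server's alert (or EOF) before closing
		conn.Close()
	}
	return <-verdict == nil
}

// DeviceAuthOutcomes models a gateway that admits only devices holding a cert
// from the plant's own device CA. It reports whether the server accepted (a) an
// issued device cert, (b) no device cert at all, (c) a cert from an untrusted issuer.
func DeviceAuthOutcomes() (authorized, noCert, rogueCert bool) {
	ca := makeCert("Plant Device CA", true, nil)
	gateway := makeCert("scada-gateway", false, &ca)
	device := makeCert("operator-laptop-07", false, &ca)
	rogueCA := makeCert("Untrusted CA", true, nil)
	rogue := makeCert("unknown-box", false, &rogueCA)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca.Leaf)
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{gateway},
		ClientAuth:   tls.RequireAndVerifyClientCert, // possession of an issued key is mandatory
		ClientCAs:    trusted,
	}
	client := func(certs ...tls.Certificate) *tls.Config {
		return &tls.Config{RootCAs: trusted, Certificates: certs}
	}
	return handshakeAccepted(serverCfg, client(device)),
		handshakeAccepted(serverCfg, client()),
		handshakeAccepted(serverCfg, client(rogue))
}
func main() {
	fmt.Println(DeviceAuthOutcomes()) // true false false
}
```

<p>The verdict is read on the server side rather than from <code>tls.Dial</code> because a TLS 1.3 client completes its own handshake before the server has evaluated the client certificate; relying on the client's view alone would make the rejected sessions look successful until the first read. The same <code>RequireAndVerifyClientCert</code> and <code>ClientCAs</code> settings are what a remote-access gateway in front of plant control systems would carry, with the issuing CA kept under the organization's own control so that no outside party can mint an accepted device identity.</p>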
<p>The incident at the Oldsmar, Florida water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers but also from malicious actors with unknown motives and goals. Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary. Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.</p>
<p>The issue of hackers remotely gaining access to the network through TeamViewer highlights the increasingly complex nature of critical infrastructure. Making sure basic security controls are implemented can help mitigate the risk of CNI attacks. Organizations, particularly those in CNI, must detect the first signs of a cyberattack immediately, not after the damage is done.</p>
<ul style="font-weight: 400;">
<li>Managing critical infrastructure security comes with several challenges. It entails massive environments that can’t experience downtime, and safety is often prioritized over security. For example, vulnerability scanning and remediation on OT devices often only occur once or twice a year. As a result, we are potentially leaving the back door wide open for nefarious attackers to our critical infrastructure.</li>
<li>Now that OT environments are no longer insulated from internet-based risks, threat actors have seized on the opportunity: IBM reported a 2,000% increase in cybersecurity incidents targeting OT in 2019. In fact, the number of advisories published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a U.S. government entity and foremost authority on OT, has dramatically increased by 30% to 224 advisories.</li>
<li>Security leaders of local governments and city municipalities must consider a new approach to vulnerability detection and management. There needs to be a paradigm shift in mindset. Organizations must move beyond detection and response and adopt more proactive and preventative security strategies for critical infrastructure.</li>
</ul>
<p>The thing we need to understand is that you don’t have to be a highly skilled attacker to be able to successfully breach a system like this. Although alarms would’ve been triggered before any dangerous water reached anyone’s taps, this plant was very lucky that the worker noticed his mouse moving and was able to address it quickly. Water plants are not known for their security resources, and between budget cuts and COVID keeping people working remotely, they’re even more vulnerable. It’s becoming easier and easier to access systems like these by people who have hardly any experience at all.</p> <p>The area where this happened has a high population of children, and it’s disturbing to think someone would attempt to do harm like this.</p>