In a perfect world these communications and the operations they command would be walled off from internet-connected systems. But practical demands to monitor operations in real time, glean data analytics from the plant floor and perform remote maintenance have in many cases exposed vulnerable infrastructure to the other side of the firewall. The result is more web-based hacks of operational technology systems. The bad guys get access to critical infrastructure facilities when corporate devices are inadvertently connected to the internet or a network administrator’s credentials are stolen in a spear-phishing scam.
Oldsmar wasn’t the first cyberattack against water infrastructure. In April 2020 Israel’s National Cyber Directorate urged all water-treatment companies to change their passwords on critical systems. In 2016, according to a report by Verizon’s security unit, hackers with ties to Syria gained access to a water utility in an unknown country and managed to “handicap water treatment and production capabilities.”
Despite the alarmist headlines, Oldsmar is mostly a good-news case study. The treatment center swiftly identified what was happening and took immediate action to keep the poison out of the public water supply. Even if the plant hadn’t responded as quickly as it did, there were other controls in place that would have detected a problem and maintained the system’s integrity.