A hacker broke into a water treatment facility and briefly adjusted the level of sodium hydroxide from 100 parts per million to 11,100 parts per million. The attack occurred about 15 miles from the site of the Super Bowl and two days before the game. Had it succeeded, it would have raised the sodium hydroxide in the water supply to a dangerously high level. Fortunately, a vigilant employee saw the intrusion as it was happening and stopped it.
Experts say municipal water and other systems have the potential to be easy targets for hackers because local governments’ computer infrastructure tends to be underfunded.
While the method of intrusion in the Florida attack was the abuse of remote access credentials shared between employees, there are many other approaches that hackers can and will take to infiltrate critical infrastructure facilities.
Could This Attack Have Been Avoided?
From what we know about this cyber incident, it could have been prevented with more securely configured remote engineering access. The facility allowed remote access into its ICS systems through a software package called TeamViewer, and that software was not securely configured.
All infrastructure facilities need to be more aware of cybersecurity issues. There are two main facets of awareness. The first facet is employee training. The second facet is having the appropriate cybersecurity products to apply and audit security best practices, quickly identify intrusions, and provide contextual alerts to experts who can mitigate an attack.
Mitigating the Remote Access Risk Vector
As OT cybersecurity attacks increase, companies need to be more proactive about implementing stronger cybersecurity controls and selecting the right tools to help them do this. While many security products have an IT focus, critical infrastructure teams need a tool that is purpose-built for ICS environments, since these environments run a unique set of vendor products.
Create a software inventory report and filter it to see which remote access software is present in your OT systems and which devices are running it. Also inspect the network interfaces on key computers for unauthorized outside connections, which can reveal alternate remote access paths. Accounts frequently used for remote access should also have their passwords changed often, even when 2FA is enabled.
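The three checks above (remote access software in the inventory, outside connections on key hosts, and stale passwords on remote access accounts) can be scripted against exported data. The following is an added example, not code from the original article or from any product it mentions. The inventory, netstat-style connection lines and account records are constructed sample data; the trusted OT address range, the watch list of remote-access product names (only TeamViewer is named in the article) and the 90-day rotation limit are assumptions.

```python
"""Audit constructed inventory, connection and account data for remote-access
exposure. Added example; all inputs below are constructed, not real systems."""
import ipaddress

# Remote-access products to flag. TeamViewer is the one named in the article;
# the remaining names are an assumed extension of the watch list.
REMOTE_ACCESS_KEYWORDS = ("teamviewer", "anydesk", "vnc", "logmein", "rdp")

# Constructed sample software inventory: hostname -> installed packages.
INVENTORY = {
    "hmi-01": ["Rockwell FactoryTalk View", "TeamViewer 15", "Microsoft Edge"],
    "eng-ws-02": ["Siemens TIA Portal", "TightVNC", "7-Zip"],
    "historian-01": ["OSIsoft PI Server", "Microsoft SQL Server"],
}

# Constructed sample netstat-style export: "host local:port remote:port state".
CONNECTIONS = """\
hmi-01 10.10.5.21:50123 10.10.5.1:443 ESTABLISHED
hmi-01 10.10.5.21:50124 203.0.113.44:5938 ESTABLISHED
eng-ws-02 10.10.5.22:5900 192.168.1.15:61002 ESTABLISHED
historian-01 10.10.5.30:1433 10.10.5.21:49999 ESTABLISHED
"""

# Assumed trusted OT address space; anything else is an "outside" peer.
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed sample remote-access accounts:
# (account name, days since last password change, 2FA enabled?)
ACCOUNTS = [
    ("remote-vendor", 400, True),
    ("ot-engineer", 30, True),
    ("shared-ops", 210, False),
]


def find_remote_access_software(inventory):
    """Return {host: [matching packages]} for hosts with remote-access tools installed."""
    hits = {}
    for host, packages in inventory.items():
        matches = [p for p in packages
                   if any(k in p.lower() for k in REMOTE_ACCESS_KEYWORDS)]
        if matches:
            hits[host] = matches
    return hits


def is_trusted(addr):
    """True if the address falls inside one of the trusted OT networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)


def find_external_connections(netstat_text):
    """Return (host, remote_ip, remote_port) for every peer outside TRUSTED_NETS.

    Such peers are candidate alternate remote-access paths worth investigating."""
    findings = []
    for line in netstat_text.splitlines():
        if not line.strip():
            continue
        host, _local, remote, _state = line.split()
        remote_ip, remote_port = remote.rsplit(":", 1)
        if not is_trusted(remote_ip):
            findings.append((host, remote_ip, int(remote_port)))
    return findings


def stale_remote_accounts(accounts, max_age_days=90):
    """Names of accounts whose password exceeds the rotation limit.

    2FA status is deliberately ignored: the article's point is that rotation
    still applies even when 2FA is enabled."""
    return [name for name, age, _mfa in accounts if age > max_age_days]


if __name__ == "__main__":
    for host, tools in find_remote_access_software(INVENTORY).items():
        print(f"[inventory] {host}: remote access software {tools}")
    for host, ip, port in find_external_connections(CONNECTIONS):
        print(f"[connections] {host} talking to outside peer {ip}:{port}")
    for name in stale_remote_accounts(ACCOUNTS):
        print(f"[accounts] {name}: password older than rotation limit")
```

In practice the three data sets would come from an asset-inventory export, a periodic netstat or firewall-log collection from the HMI and engineering workstations, and the directory's password-age attribute; the functions take them as plain structures so the same checks can be fed from whatever tooling the facility already has.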