Arraya Insights | February 19, 2021
We usually measure cyberattacks in terms of records accessed or data lost, but the consequences could have been far more severe for one Florida town after hackers targeted its water treatment facility. Fortunately, the town avoided a “nightmare scenario.” Still, as one local official put it, the incident served as a reminder of the realities of today’s cyber security landscape and the need for everyone to be vigilant and “on notice.”
The attack occurred in Oldsmar, FL, a small city of around 15,000 in the Tampa Bay area. It began first thing on a Friday morning when a water treatment plant employee who was working remotely noticed someone briefly access the plant’s computer system. Initially, the employee wrote this off as no big deal. After all, it was commonplace for a supervisor to access the system remotely as well. What took place that afternoon, however, was far more alarming.
At around 1:30, the same employee watched as someone once again accessed the system. This time, the person took control of the cursor and began moving it around the screen. After a little digging, the unknown party found the controls regulating the flow of sodium hydroxide into the city’s water. The city uses the solution, more commonly known as lye, in small doses to regulate the acidity of its water. The substance is also found in household cleaning products; it can cause skin irritation and burns and can be lethal if ingested. The employee watched as the person on the other side of their machine increased the amount of sodium hydroxide in the city’s water from 100 parts per million to 11,100 parts per million. Recognizing something was wrong, the employee reset the concentration level once the attacker left the system.
Local officials were adamant that Oldsmar residents were never in any real danger. Apparently, it would have taken more than a day for the contaminated water to enter the water supply. They stressed that built-in safeguards and redundancies would have caught the change and sounded the alarms before anyone landed in harm’s way. Even so, concerns remain given how severe the consequences could have been had those safeguards failed. Florida Senator Marco Rubio has vowed to contact the FBI and wants the incident to be treated “as a matter of national security.”
In response to the breach, the city has disabled the remote-access system leveraged by the attacker.
Cyber security-boosting takeaways for any organization
Post-incident investigations have turned up evidence that the plant’s cyber security hygiene may not have been the greatest. Oldsmar’s computers apparently all shared the same password for remote access. They also lacked firewall protection. Additionally, computers with access to the plant’s control systems ran the no-longer-supported Windows 7 operating system.
So what can we take away from this near-miss, beyond the basics of adding firewalls, implementing strong passwords and upgrading away from unsupported technology wherever possible? For starters, while the employee deserves credit for catching and correcting the attacker’s changes, you can’t help but feel there was an opportunity to nip this whole thing in the bud even earlier. A quick message to the supervisor could have confirmed that it wasn’t the supervisor who accessed the system earlier in the day, putting everyone on high alert and hopefully locking out the malicious actor.
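The two controls this paragraph and the earlier one describe, a plant safeguard that refuses a dangerous setpoint and a check that the person on a remote session is who the plant expects, can be written down as a small guard and a log review. This is an added illustration, not code from the Oldsmar plant, the article or Arraya; the envelope values, operator names and log lines are constructed.

```python
# Setpoint guard and remote-session review for a water-plant HMI.
# Added illustration; the envelope, operator names and log are constructed.

# Operating envelope for the sodium hydroxide (lye) dosing setpoint, in ppm.
NAOH_MIN_PPM = 50.0
NAOH_MAX_PPM = 200.0
MAX_STEP_PPM = 25.0  # largest change a single operator action may apply

def guard_setpoint(current_ppm, requested_ppm):
    """Validate a requested dosing setpoint against the plant envelope.

    Returns (value_to_apply, reason). On rejection the current value is
    returned unchanged so the controller never receives the bad write."""
    if not NAOH_MIN_PPM <= requested_ppm <= NAOH_MAX_PPM:
        return current_ppm, "outside envelope %.0f-%.0f ppm" % (NAOH_MIN_PPM, NAOH_MAX_PPM)
    if abs(requested_ppm - current_ppm) > MAX_STEP_PPM:
        return current_ppm, "step larger than %.0f ppm" % MAX_STEP_PPM
    return requested_ppm, "accepted"

# Constructed remote-access log: (time, session id, operator, action, value).
# A routine morning supervisor session, then an unknown afternoon session
# that tries to write an 11,100 ppm setpoint.
REMOTE_LOG = [
    ("08:05", "rs-01", "supervisor", "login", None),
    ("08:06", "rs-01", "supervisor", "read_setpoint", 100.0),
    ("13:30", "rs-02", "unknown", "login", None),
    ("13:34", "rs-02", "unknown", "write_setpoint", 11100.0),
]

def review_sessions(log, known_operators, current_ppm=100.0):
    """Return alert strings for unrecognised operators and rejected writes."""
    alerts = []
    for time, session, operator, action, value in log:
        if action == "login" and operator not in known_operators:
            alerts.append("%s %s: login by unrecognised operator %r" % (time, session, operator))
        if action == "write_setpoint":
            applied, reason = guard_setpoint(current_ppm, value)
            if reason != "accepted":
                alerts.append("%s %s: rejected write of %.0f ppm (%s)" % (time, session, value, reason))
            current_ppm = applied
    return alerts

if __name__ == "__main__":
    for line in review_sessions(REMOTE_LOG, {"supervisor"}):
        print(line)
```

The guard is a last line of defence on the controller side; the session review is the kind of check that would have turned the morning login into a question for the supervisor rather than a shrug.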
Additionally, this incident further exposes the fallacy of trying to stay under hackers’ radar. Far from a bustling metropolis, Oldsmar still drew the attention of attackers. Why? Larger cities and, for that matter, larger organizations tend to have larger security budgets. Whether motivated by financial gain or, as seems to be the case here, malice, hackers only want to do so much work. Softer targets let them accomplish their goals without meeting as much resistance.
Finally, this incident also highlights the ongoing need to further harden the network edge. In a recent blog post, we discussed the increasing threat facing organizations as workforces have grown more and more dispersed due to the ongoing coronavirus pandemic. We also highlighted the Secure Access Service Edge (SASE) framework as a way to remediate the risk posed by these necessary distributed work arrangements. At a high level, SASE combines secure web gateways, cloud access security brokers, firewall as a service and zero trust network access to deliver the following outcomes:
- reduced security cost and complexity
- modernized collaboration
- enhanced security and performance
- streamlined network and security management
Next Steps: Improving your security at the edge and back
If you’d like to further the conversation around SASE, network edge security or, more broadly, the realities of securing access, data and users in today’s environment, Arraya Solutions can help. Our team has the security and network experience needed to help connect you to the right solutions based on your unique use case. Reach out to us today to start a dialogue!
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.