We shouldn’t be surprised by the attack on a Florida water system earlier this week. We should, however, consider it a warning signal: the perpetrators were detected and removed from the network, but only after they had remotely raised the level of sodium hydroxide in the water to dangerously concentrated amounts - more than 100 times the normal levels. Fortunately, the Oldsmar, Florida water supply remained unaffected thanks to a resourceful operator who noticed the sudden change in the chemical levels and quickly responded. Yet the fact that attackers were even able to get into such mission-critical systems, let alone manipulate them, is worrying.
Unfortunately, this is not the first attack on critical infrastructure, and probably not the last. Attacks across all sectors are growing bolder, more frequent, and exponentially more expensive for the victims. As operational networks become more connected, they are receiving special attention from attackers. These networks control the heart of critical operations and are the essence of operational continuity. They include many legacy systems and devices, some of which entirely lack modern cybersecurity capabilities. And threat actors know this.
Another recent example is the attack on an Israeli water reservoir. OTORIO researchers showed how easy it is to find control systems - like those used in production plants and water treatment facilities - that are left exposed on the network. In December 2020, a threat actor published a video of a breach in an Israeli reclaimed water reservoir system. The reservoir’s system was connected directly to the Internet, without authentication or access limitation. This gave the attackers easy access to the system and allowed them, for example, to change the temperature. All it took was an Internet connection and access to websites that scan the network and find such systems. Hackers are looking for an opening - and an unsecured industrial control system is a great target.
Detecting cyberattacks and responding fast is highly important. In fact, the teams at both Oldsmar, Florida and the Israeli water reservoir managed to regain control of their networks quickly. Unfortunately, relying on the awareness of human operators may not be sufficient next time. How can you prevent a successful attack on your network? Be proactive.
Safe critical infrastructure is essential for public health, environmental protection, and economic growth. Ensuring the reliability of critical infrastructure requires addressing the unique security constraints of operational networks. The recent attack on Florida’s water treatment facility could have easily resulted in the poisoning of thousands of citizens. We recommend that critical infrastructure safety and cybersecurity stakeholders combine a reactive approach with a proactive risk avoidance approach in their operational networks.