Water Supply Threat by a Malicious Hacker in Florida
Overnight, Tech News Pro found out that a malicious hacker gained remote access to the water system of a city in Florida and tried to increase the amount of lye (which in large amounts can be dangerous) in the water treatment system. Luckily, an operator saw one of the attempts to access the system and was able to reduce the levels to normal
Richard Cassidy, Senior Director of Security Strategy at Exabeam: “With Biden publicly chastising Russia in a recent press conference and threatening economic sanctions as a result of previous nation state campaigns, the timing of this attack is interesting. Critical National Infrastructure (CNI) is at the top of the target list for nation state attacks, given the political and socioeconomic impact if successful - even in part. It’s incredibly fortunate that a diligent member of staff noted the anomalous activity and corrected it. That said, what we’ve seen exemplified here is the need to understand and baseline normal in terms of critical asset/system access is absolutely key.
Regardless of whether systems in operational technology (OT) environments are air-gapped or not, if there’s a digital route to the system, then it’s at risk. We’ve got to ensure we’re monitoring OT systems far more diligently by capturing all viable log data in terms of access control, system settings and maintenance. Any abnormality - regardless of how small - should be investigated, triaged and managed accordingly. Relying on users alone for the protection of our CNI systems does not (and will not) scale. No arrests have yet been made and it is not known if the hack was done from within the US or outside.