Cybersecurity professionals have warned for years about the dangers posed to our nation’s critical infrastructure by hackers who, with only a few keystrokes, could inflict a wide range of damaging attacks that could lead to widespread chaos and even death. Last week, these predictions came perilously close to becoming reality as an attacker infiltrated the computer system of a water treatment facility in Oldsmar, Fla., and attempted to raise the level of sodium hydroxide, more commonly known as lye, in the city’s water supply to potentially lethal levels.

According to multiple published reports, the hacker was able to carry out the attack by compromising a remote access software program called “TeamViewer” that was installed on the computer of one of the facility’s employees. Fortunately, the employee was monitoring the computer and noticed the activity of the hacker before the attack could be carried out.

Andrea Carcano, Co-Founder of Nozomi Networks, which provides cybersecurity solutions to critical infrastructure operators, says that the hacker in this case appears to have been a relative novice given the attack’s lack of sophistication.

“The fact that the perpetrator didn’t conceal his visual presence to the personnel monitoring the water treatment operation is the first signal that suggests the relatively low complexity of the attack,” Carcano explains. “Furthermore, according to the reports of the incident, the attacker increased the levels of sodium hydroxide by a significant amount, typically monitored by automated systems, which likely suggests that the threat actor didn’t possess a specific background knowledge of the water treatment process.”

However, Carcano adds that the incident demonstrates how security can often go overlooked in industrial control systems (ICS), especially those owned and operated by small municipalities or other local government bodies with smaller geographic footprints and budgets.

“Remote access, in particular, when not designed with security in mind, is often the beachhead used by remote attackers to infiltrate an ICS network,” he adds. “In this very case, the water treatment plant of Oldsmar has been using a TeamViewer instance, which apparently was accessible from the internet. While it is not known at this stage how the attackers obtained the credentials required, this incident, like many that we’ve documented in recent years, didn’t seem to rely on a sophisticated zero-day exploit for its execution.”

Saryu Nayyar, CEO of security analytics firm Gurucul, agrees that the situation could have been much different had the attacker been more skilled.

“The cyberattack against the water supply in Oldsmar, Florida, last week should come as a wakeup call,” Nayyar says. “Though this attack was not successful, there is little doubt a skilled attacker could execute a similar infrastructure attack with more destructive results. Organizations tasked with operating and protecting critical public infrastructure must assume the worst and take more serious measures to protect their environments.”

Christian Espinosa, Managing Director at Cerberus Sentinel, which provides managed security and consulting services, questions why remote access would even be permitted at a facility as crucial as a water treatment plant and says that security measures for such locations should match their criticality.

“Normally, risk is the impact if something bad happens times the likelihood of it happening. In this case, the impact (poisoning, possible death) to the population using the water from this facility is quite severe. The overall risk is normally manageable though because controls, such as disallowing remote access, are put in place to make the likelihood of something bad happening very unlikely,” Espinosa explains.

Mitigation Shortfalls

“The challenge we are facing with these types of scenarios is that most organizations do not understand cybersecurity risk. In fact, convenience is often the primary driver for decisions with cybersecurity a mere afterthought.”

Tom Garrubba, CISO of Shared Assessments, a member-led risk management strategies, tools, and intelligence organization, says the attack should also serve as a reminder of the need to “consistently review and monitor” critical administrative accounts that have the ability to control systems like those found in the Oldsmar plant.

“With so much emphasis recently placed on hacks for the healthcare and financial services industry, an infrastructure hack such as this tends to hit much closer to home as it regards our physical safety,” Garrubba adds. “Alarms and logs for critical infrastructure systems should be reviewed and attended to constantly, and if such a hack or changes in set tolerances were to occur, a root cause analysis is imperative to mitigate such an event from happening in the future.”