
Florida Water Treatment Facility Attack – Crucial Questions to Assess Your Current Risk Posture

Brian Proctor | February 10, 2021

Yesterday we learned that a cyberattack on February 5 impacted a water treatment plant in Oldsmar, Florida, which provides drinking water to nearly 15,000 residents. This is the most recent report of a significant breach targeting critical infrastructure and operational technology (OT) systems.

The attack was thwarted in real time by a very astute employee at the plant. While monitoring the system, the employee noticed the cursor moving on the screen and saw the levels of sodium hydroxide change from 100 parts per million to 11,100 – a potentially lethal amount. This attack comes only months after Israel’s water treatment infrastructure was the target of an attack.

Forescout published a blog post in January 2020 entitled “5 Questions to Answer to Improve Cybersecurity in Water and Wastewater Management,” which provided guidance to the water/wastewater community on the questions that must be answered to effectively strengthen the security posture of these critical systems.

Here are some crucial questions security leaders with these types of environments should be asking in light of this latest attack:

  1. What are our assets and where do they sit on the network?
  2. Which ones are controlled manually, and which ones are automated?
  3. Which assets are connected to the internet and can be controlled remotely?
  4. Where do the vulnerabilities in the system lie?
  5. How could a malicious actor use these vulnerabilities to enter and disrupt operations?

The attack vector used in this incident was reportedly a remote connectivity tool, TeamViewer. With the ongoing pandemic, secure remote access will continue to be part of normal operations for the foreseeable future, if not indefinitely. It’s imperative to implement secure remote access technologies and to ensure that only approved remote access conduits are used, by continuously monitoring for remote access communications such as VNC, telnet, SSH, RDP, etc.
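As an added illustration (not Forescout code), the sketch below shows the kind of check this monitoring implies: it reads flow records, picks out sessions on the default ports of common remote access protocols, and flags any that touch the OT network without going through an approved conduit. The network ranges, the jump host address and the flow records are constructed assumptions.

```python
import csv
import io
import ipaddress

# Default ports only: a tool moved to a non-standard port needs protocol inspection.
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "telnet", 3389: "RDP", 5900: "VNC", 5938: "TeamViewer"}

# Assumptions for illustration: the OT range and the approved (jump host, protocol) pairs.
OT_NETWORK = ipaddress.ip_network("10.20.0.0/16")
APPROVED_CONDUITS = {("10.10.5.10", "RDP"), ("10.10.5.10", "SSH")}

# Constructed flow records (not real data): time, src, dst, dst_port
SAMPLE_FLOWS = """\
2021-02-05T08:01:12Z,10.10.5.10,10.20.1.15,3389
2021-02-05T08:03:40Z,10.20.1.15,10.20.1.30,502
2021-02-05T13:30:05Z,203.0.113.77,10.20.1.15,5938
2021-02-05T13:31:22Z,10.30.2.44,10.20.1.30,23
2021-02-05T13:35:00Z,10.10.5.10,10.20.1.40,5900
2021-02-05T14:00:00Z,10.20.1.15,198.51.100.9,5938
"""

def classify(flow):
    """Return (protocol, verdict) for one flow, or None if it is not in scope."""
    proto = REMOTE_ACCESS_PORTS.get(int(flow["dst_port"]))
    if proto is None:
        return None  # not a remote access protocol we track
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if src not in OT_NETWORK and dst not in OT_NETWORK:
        return None  # remote access that never touches OT is out of scope here
    if dst in OT_NETWORK and (flow["src"], proto) in APPROVED_CONDUITS:
        return proto, "approved"
    # Covers inbound sessions from unapproved sources and outbound ones from OT hosts.
    return proto, "unapproved"

def find_unapproved(text):
    """Parse CSV flow records and return flows that bypass the approved conduits."""
    fields = ["time", "src", "dst", "dst_port"]
    alerts = []
    for flow in csv.DictReader(io.StringIO(text), fieldnames=fields):
        result = classify(flow)
        if result and result[1] == "unapproved":
            alerts.append((flow["time"], flow["src"], flow["dst"], result[0]))
    return alerts

if __name__ == "__main__":
    for when, src, dst, proto in find_unapproved(SAMPLE_FLOWS):
        print(f"ALERT unapproved {proto}: {src} -> {dst} at {when}")
```

The last sample record is flagged because an OT host opening an outbound TeamViewer session is also a remote access path that does not pass through the approved jump host.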

Now is a good time to understand your remote access behaviors, identify potential anomalies and drive down your mean time to respond so you can initiate an Emergency Response Plan as outlined in EPA’s America’s Water Infrastructure Act (AWIA).

At Forescout our mission is to “Actively Defend the Enterprise of Things,” which includes securing critical networks and devices in water/wastewater and other critical infrastructure sectors. We are honored to work with all those who keep these vital services operational.