Remote Access Software And Network Segmentation: A Problem And A Solution?

Local and federal authorities are investigating after hackers broke into the Oldsmar water treatment system in Florida and tried to poison the water supply. Hackers increased the amount of lye in the water by a factor of more than 100.

Lye is used in small amounts to control the acidity of the water. However, in large quantities it can burn skin, cause hair loss, and be fatal if ingested. Oldsmar provides water to businesses in the city as well as approximately 15,000 residents.

Around 8:00 a.m. on February 5, 2021, the plant operator who was monitoring the system noticed that someone else had briefly accessed it. The operator was not alarmed because his supervisor frequently accessed the system remotely.

However, at around 1:30 p.m. that day, the operator saw someone access the system again; take control of the mouse and access the software that controls water treatment; work in the software for several minutes; and increase the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

After the hacker left the system, the operator immediately corrected the concentration of lye.

According to the sheriff, there was no adverse effect on the water and the public was never in danger. Even if the operator had not seen the breach, it would have taken a day for the contaminated water to enter the water supply and redundancies in the system would have caught the change in the pH level, he said.

City officials noted that several safeguards are in place to prevent contaminated water from entering the water supply. The city has disabled the remote-access system that was used to breach the treatment system.

The FBI, Secret Service, and Pinellas County Sheriff's Office are investigating the case. The sheriff said they do not know why Oldsmar was targeted.

The authorities have alerted other municipalities in the area and encouraged them to safeguard their water treatment systems and other infrastructure.

Jack Evans, "Hackers Attempt to Poison Florida City's Water Supply," tampabay.com (Feb. 09, 2021).

Commentary

In the above matter, the remote access privileges were most likely the access point for the cyber intruder. If the intruder gained access via the remote access software (perhaps via the supervisor), they would have the same access as the supervisor.

In addition to eliminating remote access, organizations should consider implementing network segmentation. Through segmentation, criminals who gain access to part of your network will not automatically have access to all of your data and operations.

Cybersecurity experts can help you determine what type of network segmentation is right for your organization. Using firewalls is the most common way to segment networks, but other options include switches, air gaps, analog phone lines, virtual local area networks (VLANs), and point-to-point encryption.
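Whether a firewall policy actually keeps an intruder in one part of the network away from the rest can be checked by treating the allow rules as a graph. The Python below is an added example, not part of the original article; the zone names, services and both rule sets are constructed for illustration and are not details of the Oldsmar network, and each rule is assumed to allow connections in one direction only.

```python
from collections import deque

# Constructed allow rules: (source zone, destination zone, service).
# Zone and service names are hypothetical, not details of the Oldsmar network.
FLAT = [
    ("internet", "office", "remote-desktop"),
    ("office", "hmi", "any"),
    ("hmi", "plc", "modbus"),
]
SEGMENTED = [
    ("internet", "dmz", "vpn"),
    ("dmz", "office", "https"),
    ("office", "historian", "https"),
    ("hmi", "historian", "sql"),  # control zone pushes data out; nothing is allowed in
    ("hmi", "plc", "modbus"),
]


def exposure_path(rules, start, target):
    """Shortest chain of allow rules from start to target, or None if none exists."""
    parent = {start: None}  # zone -> (previous zone, service) used to reach it
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if zone == target:
            chain = []
            while parent[zone] is not None:
                prev, svc = parent[zone]
                chain.append((prev, zone, svc))
                zone = prev
            return chain[::-1]
        for src, dst, svc in rules:
            if src == zone and dst not in parent:
                parent[dst] = (src, svc)
                queue.append(dst)
    return None


def blast_radius(rules, start):
    """Every zone an intruder who lands in `start` can reach by chaining rules."""
    zones = {z for src, dst, _ in rules for z in (src, dst)}
    return {z for z in zones if z != start and exposure_path(rules, start, z)}


if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "internet -> plc:", exposure_path(rules, "internet", "plc"))
        print(name, "reachable from office:", sorted(blast_radius(rules, "office")))
```

A returned path lists the exact rules that would have to be removed or tightened to cut the control zone off from that starting point.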

Although cybersecurity experts strongly recommend network segmentation, organizations have been slow to adopt the practice. According to a 2019 survey conducted by network security provider Illumio, only 19 percent of organizations used network segmentation at the time, and 55 percent said they had no plans to implement it.
