Remote Access Software And Network Segmentation: A Problem And A Solution?

Local and federal authorities are investigating after hackers broke into the Oldsmar water treatment system in Florida and tried to poison the water supply. Hackers increased the amount of lye in the water by a factor of more than 100.

Lye is used in small amounts to control the acidity of the water. However, in large quantities it can burn skin, cause hair loss, and be fatal if ingested. Oldsmar provides water to businesses in the city as well as approximately 15,000 residents.

Around 8:00 a.m. on February 5, 2021, the plant operator who was monitoring the system noticed that someone else had briefly accessed it. The operator was not alarmed because his supervisor frequently accessed the system remotely.

However, at around 1:30 p.m. that day, the operator saw someone access the system again; take control of the mouse and access the software that controls water treatment; work in the software for several minutes; and increase the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.

After the hacker left the system, the operator immediately corrected the concentration of lye.

According to the sheriff, there was no adverse effect on the water and the public was never in danger. Even if the operator had not seen the breach, it would have taken a day for the contaminated water to enter the water supply and redundancies in the system would have caught the change in the pH level, he said.

City officials noted that several safeguards are in place to prevent contaminated water from entering the water supply. The city has disabled the remote-access system that was used to breach the treatment system.

The FBI, Secret Service, and Pinellas County Sheriff's Office are investigating the case. The sheriff said they do not know why Oldsmar was targeted.

The authorities have alerted other municipalities in the area and encouraged them to safeguard their water treatment systems and other infrastructure.

Jack Evans, "Hackers Attempt to Poison Florida City's Water Supply" (Feb. 09, 2021).



In the above matter, the remote access privileges were most likely the access point for the cyber intruder. If the intruder gained access via the remote access software (perhaps via the supervisor), they would have the same access as the supervisor.

In addition to eliminating remote access, organizations should consider implementing network segmentation. With segmentation, criminals who gain access to part of your network will not automatically have access to all of your data and operations.

Cybersecurity experts can help you determine what type of network segmentation is right for your organization. Using firewalls is the most common way to segment networks, but other options include switches, air gaps, analog phone lines, virtual local area networks (VLANs), and point-to-point encryption.

Although cybersecurity experts strongly recommend network segmentation, organizations have been slow to adopt the practice. According to a 2019 survey conducted by network security provider Illumio, only 19 percent of organizations used network segmentation at the time, and 55 percent said they had no plans to implement it.
