What Can We Learn from the Oldsmar Cyber Attack?
Last month, the continued threat of industrial cyber-attacks was once again highlighted when the city of Oldsmar, Florida, suffered an ‘unlawful intrusion to the city’s water treatment system’. The attacker successfully gained remote access to the plant’s computer system and significantly increased the level of sodium hydroxide added to the city’s drinking water.
Luckily, the attack was detected immediately, before any harm could be done. We spoke to DTG’s Cyber Security expert, Tim Gowling, to understand more about this event and the lessons we can all learn from it.
Tim, can you explain how the attacker was able to access the control system?
It looks like the attacker managed to access the remote desktop control software that was installed on the Water Plant Control PC. It is not clear how they achieved this, but fundamentally Internet access was available to an OT (Operational Technology) device without the appropriate firewall and security controls being in place. The article also suggests the TeamViewer application was installed on the OT equipment unofficially by local operational staff and a vendor who did not fully understand the risk they were creating.
What have Oldsmar done to prevent this happening again?
Some background reading suggests they are now planning to install a firewall to segregate their OT and IT networks to prevent unauthorised traffic accessing their OT network. I would expect them to set a governance process to ensure this is effectively managed and also to embark on a programme of cyber education with the workforce. The article also implies they did not have a comprehensive inventory of the assets on their OT network, and therefore risk assessing and managing their vulnerabilities would have been very difficult.
How do other organisations know if they are vulnerable to a similar attack?
If organisations are asking this question, then they are vulnerable. Before they find out the hard way by falling victim to an attack, they must develop and execute a multi-layered OT cyber defence strategy. The key elements to this strategy encompass threat defence and detection, disaster recovery, business continuity, and staff education. It must also cover both data and applications. Clearly every organisation starts from a different baseline, but once a strategy has been established, a risk assessment should be carried out to determine the highest risk and impact areas. This will help shape the planning of the complex and potentially costly cyber improvement activities.
How can DTG help in this situation?
DTG recently launched a revolutionary Industrial Cyber Assessment tool (CAsT), which identifies security weaknesses in OT systems and offers solutions to increase an organisation’s resilience to emerging cyber threats. Through extensive data collection, CAsT compiles a detailed OT asset inventory, identifies security weaknesses, and proposes risk reduction solutions. Using data visualisation software, these solutions are simulated, making it easy for decision makers to address their immediate OT cybersecurity needs and incrementally tackle less significant risks, protecting business and digital operations from the detrimental effects and disruption of cybercrime.
DTG can also provide bespoke Industrial (OT) Cyber Security training for staff, available in various formats including traditional face-to-face, online live webinar or on-demand e-Learning modules.
Our combined approach offering OT Cyber Training in conjunction with the CAsT application is a game changer for process industries looking to improve their OT cybersecurity in critical infrastructure.