A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar in Florida & raised the levels of Sodium Hydroxide or lye in the water, an action that was quickly noticed & put right.
The attack happened only 2 days before the NFL’s famous Super Bowl LV was held nearby in Tampa Bay, local authorities say.
An operator at the plant first noticed a short intrusion on Fri., Feb. 5, around 8:00am, Pinellas County Sheriff Bob Gualtieri explained in a press conference about this incident on Mon.
Remotely Accessed
Someone remotely accessed the computer system the operator was monitoring that controls chemical levels in the water as well as other operations, he stated.
At first, the operator “didn’t think much of it” because it is normal for his supervisors to use the remote access feature to monitor his computer screen sometimes, Gualtieri went on to say.
However, around 1:30pm someone again remotely accessed the computer system & the operator observed the mouse moving around on the screen to access various systems that control the water being treated, he outlined.
Lye Levels Raised
During the 2nd intrusion, which lasted 3-5 mins., the intruder changed the level of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million, “a significant & potentially dangerous increase,” Gualtieri warned.
“Sodium Hydroxide, also known as lye, is the main ingredient in liquid drain cleaners,” he revealed. “It is used to control water acidity & remove metals from drinking water in water-treatment plants.”
Sheriff’s Office
Fortunately, the operator quickly changed the level back to normal after the intrusion and alerted supervisors, who then contacted the Pinellas County Sheriff’s Office. Gualtieri said his team notified the FBI & US Secret Service & worked with them over last weekend to investigate & try to discover who was behind the attack.
Authorities do have leads, but have not identified any suspect, nor do they know if the attack came from inside the US or from outside, he cautioned.
Motive Elusive
They also do not have a motive for this attack, although it did happen just before the US Super Bowl was held in Tampa Bay last Sun. The event can usually draw upwards of 150,000 visitors to the area, but this year only about 22,000 live spectators were allowed to attend the game due to the COVID-19 pandemic. Tens of thousands of other ‘spectators’ were simply cardboard cut-out figures.
Nonetheless, Gualtieri asked all critical infrastructure operators in the Tampa Bay area to check to ensure that their systems have the latest security protocols in place.
No Adverse Effect
He also stressed that despite the seriousness of the Oldsmar incident, “at no time was there a significant adverse effect on the water being treated.”
“Importantly, the public was never in danger,” Gualtieri suggested.
Even if the operator had not noticed the suspicious activity so quickly, he observed, it would have taken 24-36 hours for the tainted water to reach the water supply, & redundancies in the system would have tested it before then & caught the raised levels of Sodium Hydroxide.
Critical Infrastructure
The incident is a timely reminder of the potentially catastrophic effect an attack on critical infrastructure can have on public safety, making the security of these systems a top priority, security experts informed the public.
“With so much emphasis recently placed on hacks for the health care & financial services industry, an infrastructure hack such as this tends to hit much closer to home as it regards our physical safety,” noted Tom Garrubba, CISO of Shared Assessments.
Call to Action
Given past attacks on the US critical infrastructure such as the power grid, water systems & even nuclear plants, organisations in control of these systems should take the latest attack in Florida as a call to action, observed Hitesh Sheth, President & CEO at Vectra, a San Jose, Calif.-based provider of AI for detecting cyber-attacks.
“Protecting these critical facilities, & upgrading their cyber defences, should be a far higher priority,” he warned.
Some experts blamed the COVID-19 pandemic for putting critical infrastructure at higher risk, because operators of these systems had to put remote access capabilities in place sooner than they expected for employees forced to work remotely due to new restrictions.
Traditional Perimeter Security
“Many organisations have previously felt protected by traditional perimeter security such as firewalls & VPNs,” explained Kevin Dunne, President at Greenlight, a Flemington, New Jersey-based integrated risk management firm. “However, the new shift to work from anywhere has reduced the efficacy of many of these methods & even rendered some of them useless.”
Rather than relying on VPNs to secure networks, Dunne suggested, the most effective way to secure remote access is to monitor identity & access “to know exactly who is accessing critical systems & what they are doing with that access.”