Experts from Mandiant Threat Intelligence and BlueVoyant offer their take on an attack on a water system in Florida.
A hacker gained remote access to the water system of a city in Florida and changed the water chemical levels.
The hacker briefly increased the amount of sodium hydroxide (lye) in the water treatment system at Oldsmar, but an employee spotted it and reversed the action.
The hacker, whose location is unknown, accessed the treatment system’s software and increased the sodium hydroxide levels.
These were immediately returned to normal at the Oldsmar plant, which supplies water to 15,000 residents.
But the breach had the potential to provoke vomiting, nausea and diarrhoea through increased sodium hydroxide levels in drinking water.
Daniel Kapellmann Zafra, Manager of Analysis, Mandiant Threat Intelligence, said: “Since last year, Mandiant Threat Intelligence has observed an increase in cyber-incidents by novice hackers seeking to access and learn about remotely accessible industrial systems.
“Many of the victims appear to have been selected arbitrarily, such as small critical infrastructure asset owners and operators who serve small populations. Through remote interaction with these systems, actors have engaged in limited-impact operations but none of these cases has resulted in damage to people or infrastructure.
“Fortunately, industrial processes are often designed and monitored by professional engineers who incorporate safety mechanisms to prevent unexpected modifications. We believe that the increasing interest in industrial control systems by actors of this nature is the result of the increased availability of tools and resources that reduce the barrier to learn about and interact with these systems.
“While the incident does not appear to be particularly complex, it highlights the need to strengthen the cybersecurity capabilities across the water and wastewater industry similarly to other critical infrastructure sectors.”
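As an added illustration of the safety mechanisms Kapellmann Zafra refers to (example code written for this article, not from Mandiant or the Oldsmar plant): a guard that enforces engineering limits on a chemical dosing setpoint independently of the operator interface, so that a remote write outside the expected range, a large jump, or a setpoint walked up in small steps is rejected and alarmed rather than applied. The units, limits and ppm values are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class SetpointLimits:
    low: float        # engineering lower bound (hypothetical units: ppm)
    high: float       # engineering upper bound
    max_step: float   # largest change accepted in a single write
    max_drift: float  # largest net change accepted over the last `window` writes
    window: int = 5


class SetpointGuard:
    """Independent bounds/step/drift check on a dosing setpoint, enforced outside the HMI."""

    def __init__(self, limits: SetpointLimits, initial: float):
        self.limits = limits
        self.current = initial
        self.history = deque([initial], maxlen=limits.window)  # recent accepted values
        self.alarms: list[str] = []

    def _reject(self, reason: str) -> bool:
        self.alarms.append(f"REJECT {reason}")  # feed to SCADA alarm log / operator display
        return False

    def request(self, requested: float, source: str) -> bool:
        # Apply the write only if every check passes; otherwise alarm and keep the old value.
        lim = self.limits
        if not (lim.low <= requested <= lim.high):
            return self._reject(f"{requested} from {source}: outside {lim.low}-{lim.high}")
        if abs(requested - self.current) > lim.max_step:
            return self._reject(f"{self.current}->{requested} from {source}: step over {lim.max_step}")
        # history[0] is the value before the last `window` writes: catches a setpoint
        # being walked to a harmful level in many small, individually valid steps.
        if abs(requested - self.history[0]) > lim.max_drift:
            return self._reject(f"{requested} from {source}: drift over {lim.window} writes exceeds {lim.max_drift}")
        self.current = requested
        self.history.append(requested)
        return True


def run_demo() -> SetpointGuard:
    # Constructed scenario: a 100 ppm setpoint with 50-150 ppm engineering limits.
    guard = SetpointGuard(SetpointLimits(low=50, high=150, max_step=10, max_drift=12, window=3), initial=100)
    guard.request(105, "operator_console")  # routine adjustment: accepted
    guard.request(11100, "remote_session")  # far outside limits: rejected
    guard.request(140, "remote_session")    # inside limits but a 35 ppm jump: rejected
    for value in (110, 115, 120):           # walked up in 5 ppm steps: 115 and 120 rejected on drift
        guard.request(value, "remote_session")
    return guard                            # guard.current == 110, len(guard.alarms) == 4
```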
Austin Berglas, Former Head of FBI NY Cyber and Global Head of Professional Services at cybersecurity firm BlueVoyant, said: “Along with energy production and manufacturing, water supply facilities are part of the United States’ critical infrastructure and have long been targets for cyberattack from both criminal and state sponsored entities.
“Water facilities rely on systems control and data acquisition (SCADA) systems to manage the automated process of water distribution and treatment. Many of these industrial control systems (ICS) are outdated, unpatched and available for review on the Internet, leaving them incredibly vulnerable to compromise.
“In addition, many ICS solutions were designed for non-Internet facing environments and therefore did not incorporate certain basic security controls – this offers additional vulnerabilities as more and more operational technology environments are allowing access to their ICS systems from the Internet.
“In 2013, the FBI investigated a compromise of the Bowman Avenue Dam in Rye Brook NY and found that members of the Iranian Revolutionary Guard had gained access through Internet facing controls. Although the Dam was not functioning at the time and was most likely not the Iranians’ main target, it demonstrates the vulnerability of certain critical infrastructure when their ICS systems are allowed to be exposed to the Internet and not isolated.”