The Oldsmar Water System Attack: What It Can Teach Us

Blog The Oldsmar Water System Attack: What It Can Teach Us

The Oldsmar Water System Attack: What It Can Teach Us

February 10, 2021

Last week’s attack on the Oldsmar, Florida, water system demonstrated that critical infrastructure operations are under constant threat of cyber attacks, and that a successful attack can have life-threatening consequences.

Fortunately, the Oldsmar breach was detected and addressed before any harm was done. And while it may be months before we have all the details of this particular attack, it serves as a reminder of realities that every critical infrastructure organization must confront.

It can happen anywhere

There’s nothing about a water treatment facility in Oldsmar, Florida that would make it an obvious target for an attack, but that’s the point. Threat actors don’t limit their attacks to large, high-profile targets. Smaller organizations—with less money to spend on cybersecurity—are ideal for testing out or demonstrating new attack techniques.

And as a reminder, attackers don’t need to single out their victims in advance—they let automated tools run in the background, searching for user credentials (or other vulnerabilities) at thousands of organizations at once. Once they find a vulnerable network, they can choose their moment to exploit it, or sell access to other threat actors.

Connectivity creates risk

Remote access and internet connectivity have become facts of life for many critical infrastructure organizations, especially during the pandemic. But new network connections create new possibilities for a security breach.

Government cybersecurity experts and standards bodies have been proposing for years strategies and techniques to limit exposure and prevent breaches at facilities like Oldsmar. These are outlined in the Department of Homeland Security’s publication Seven Steps to Effectively Defend Industrial Control Systems, and in the IEC 62443 standards for security in industrial communication networks. These publications recommend a defense-in-depth strategy, based on network segmentation and use of tightly controlled data flows into and out of plants, for managing the growing risks to critical infrastructure.

Owl Cyber Defense has helped water systems adopt these strategies and gain greater control over their data flows using data diode technology. To learn more about the DHS Seven Steps to Effectively Defend Industrial Control Systems and how Owl can help implement them, read our whitepaper Owl Supports DHS 7 Strategies.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The Oldsmar Water System Attack: What It Can Teach Us

The Oldsmar Water System Attack: What It Can Teach Us

Insights to your Inbox

Recommended Articles

Proven Solutions for Navy “Data Maneuverability” @ AFCEA WEST

Owl SEER Lab MiniBlog 1: CVE-2023-21093

Reduce Cyber Stress (at least at work) by Implementing Data Diode Enforced Segmentation