What Does a Water Supply Hack Say About Cybersecurity? [Cybersecurity Brief]

florida water supply hack and cybersecurity
Share on facebook
Share on linkedin
Share on twitter
Share on email
Share on whatsapp

When you get that glass of water or wash your dishes, do you think about cybersecurity? Probably not. But one Florida town just served as an example of why cybersecurity is a concern for such daily behaviors.

In a recent announcement, authorities reported that there was an attempt to hack the water treatment system in the City of Oldsmar, Florida. Although the person or party responsible for the hacking is unknown, they do know that the goal of the breach was to increase the levels of sodium hydroxide in the water supply. Luckily, the attempt was detected fairly easily, but the incident does reflect larger cybersecurity questions. For one, in its coverage, Vice raises the point of accessibility the hacker was able to obtain. According to the outlet, the cyber intruder was able to get into the system through TeamViewer, a software that allows control from other devices. While convenient at times, cybersecurity experts say that the simplicity of accessibility using such a software has the potential to cause further problems.

In fact, NBC News reports that this is the kind of cyberattack that experts have worried about for some time, and the U.S. water supply still remains one of the more vulnerable infrastructures. A part of the issue as the article outlines is that drinking water systems are run by varying organizations. In some cases, it may be the local government in control. In other cases, it may be corporations running the system. What this means is that there are a variety of different security practices in place. In the case of this Florida cyberattack, it only took the ability to break past one log in to open up the program controlling chemical levels.

In an interview with NPR, New York Times cybersecurity reporter Nicole Perlroth shared that she thinks this cyberattack will serve as a “wake-up call in general.” As she explained, in the case of such infrastructure settings, it is time to reconsider the practice of providing access to parties that are located in far off areas as many systems do to offer access to distant contractors and engineers. She also noted the fortune in the incident that the software engineer happened to be at the computer when the hacker had breached the program. But what if that engineer hadn’t been right there at that moment?

Key Takeaways:

“Why Cybersecurity Experts Hate TeamViewer, the Software Used to Tamper with Florida Water Supply” – Lorenzo Franceschi-Bicchierai, Vice
https://www.vice.com/en/article/akdqxk/why-cybersecurity-experts-hate-teamviewer-the-software-used-to-tamper-with-florida-water-supply

  • A hacker recently attempted to break into the water treatment system of the City of Oldsmar in Florida.
  • While the hacker is still unidentified, authorities do know the purpose of the cyberattack was to increase the levels of sodium hydroxide in the water supply.
  • The hacker was able to access the system via a software program that allows control from a remote location. Cybersecurity experts warn of the use of this software.

“Lye-poisoning attack in Florida shows cybersecurity gaps in water systems” – Kevin Collier, NBC News
https://www.nbcnews.com/tech/security/lye-poisoning-attack-florida-shows-cybersecurity-gaps-water-systems-n1257173

  • Cybersecurity experts have worried about this type of infrastructure attack for years.
  • One issue making the water systems vulnerable is that they are controlled by different parties with varying cybersecurity systems.
  • In the case of the Florida town’s water system, the hacker only had to bypass a password protect program, which is not uncommon in such infrastructure organizations.

“U.S. Cyber Weapons Were Leaked — And Are Now Being Used Against Us, Reporter Says” – Terry Gross, NPR
https://www.npr.org/2021/02/10/966254916/u-s-cyber-weapons-were-leaked-and-are-now-being-used-against-us-reporter-says

  • New York Times reporter Nicole Perlroth sat down with NPR and discussed the water system breach incident among other cybersecurity topics.
  • She suggested that this cyberattack should serve as an alarm to reconsider the practices around such infrastructure systems.
  • Perlroth noted that the practice of providing access from afar is too commonplace, and an attack on something like a water system has the potential to be very dangerous.

 

Discover More: