While most cybercriminals target companies and individuals to steal their data, there are those that can get a little more extreme. The extreme cases include hacking to disrupt systems like traffic controls and other important infrastructure.
Last Friday in Florida, USA, a hacker tried something a lot more extreme. According to reports, a hacker tried to poison a city’s entire water supply. The hack was discovered when a plant operator who monitors toxic levels in the water supply noticed his cursor moving by itself on the screen.
At first, he thought it was just his boss using the remote-access software TeamViewer to monitor the facility's systems. But a few hours later, the plant operator noticed his mouse moving out of his control again, and the cursor began clicking through the water treatment plant's controls.
Within seconds, the intruder was attempting to change the water supply's levels of sodium hydroxide, also known as lye or caustic soda, moving the setting from 100 parts per million to 11,100 parts per million. In low concentrations, the corrosive chemical regulates the pH level of potable water. At high levels, it severely damages any human tissue it touches.
Thankfully, the plant operator spotted the intrusion and was able to fix the problem by adjusting the sodium hydroxide to normal levels.
But now a bigger concern arises: how was a hacker able to penetrate and gain access to the controls in the first place?
Authorities said that the hacker appears to have compromised the water treatment plant's TeamViewer software to gain remote access to the target computer and that network logs confirm the operator's mouse takeover story.
Interestingly, though, there is still not much information on how the hacker managed to get those details in the first place, or on how the intruder broke into the operational technology network, which controls physical equipment in industrial control systems and is typically segregated from the internet-connected IT network.
While the company has since uninstalled TeamViewer, many security professionals have long stressed the importance of cybersecurity for operational technology.
The Secret Service and FBI cyber units are now trying to determine who is behind the hack and whether it was someone in the U.S. or overseas. It occurred just two days before the Super Bowl in a city about 30 miles away from Raymond James Stadium.
Now, one of the reasons this hack could have happened is the lack of operational security tools. As industries continue to invest in more operational technologies (OT), industrial IT and operational network security become a priority, especially as they involve connectivity to external networks. Yet many companies are still not aware of the threats to their OT assets.
OT security is a full stack of hardware and software that is used to monitor, detect and control changes to devices, processes and events. Mostly used in industrial systems, OT security protects and controls critical infrastructures such as power stations, transportation networks and smart-city appliances.
While the plot in Florida was controlled, in many cases organisations are simply not aware of the risks their OT is exposed to. In fact, most of their OT devices could already be infiltrated without them even realising it.
Today, securing industrial networks can be done without disrupting operations or risking non-compliance. Solutions that provide complete visibility of network control traffic and establish the right security policies put an effective OT security strategy in place, protecting processes, people and profit while significantly reducing security vulnerabilities and incidents.