It sounds like something from a spy movie. Someone tries to poison a small city’s water supply by remotely accessing the computer for the water treatment system and briefly increasing the amount of sodium hydroxide, also known as lye, by a factor of more than 100. It sounds like a sinister plot where James Bond appears at the last minute to save the day.
Sadly, this is no movie plot; this was the reality last week for the Oldsmar, Florida water treatment plant. The city of 15,000 people came close to having its drinking water contaminated. Luckily, a quick-thinking operator at the plant noticed that someone had taken control of his mouse to increase the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million. The operator immediately changed the concentration back to 100 parts per million.
At this point, you may be wondering how something like this happens, especially with something as important as water. As an article in Ars Technica points out, the utility had made the following cyber security errors: running an out-of-date operating system (Windows 7), connecting to the internet without a firewall for protection, and having a group of employees share the same password for remote access (TeamViewer).
Could something like this happen to your business? The FBI has issued a warning to all private businesses in light of the breach at the Oldsmar plant. It is still unknown whether the hacker is a state-sponsored actor or a disgruntled employee; the authorities are still investigating. The FBI recommends that businesses stop using out-of-date Windows 7 systems and use strong, unique passwords, and it warns about using desktop sharing software like TeamViewer. Additionally, the FBI made the following recommendations for best practices to mitigate threats:
- Use multi-factor authentication
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure
- Audit network configurations and isolate computer systems that cannot be updated
- Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts
- Audit logs for all remote connection protocols
- Train users to identify and report attempts at social engineering
- Identify and suspend access of users exhibiting unusual activity
- Keep software updated
While some people may look to lack of funding as being partly to blame for the breach at Oldsmar, the FBI’s 9 best practices can be accomplished on a small budget. Whether you are a small business or large enterprise, Uzado can help you put these best practices into place.