Water Works Woes: The Oldsmar Cyber Attack and the Call for Resilient Infrastructure

Published by Peter Hawley

The Oldsmar cyber-attack will stand as a reminder of the vulnerability of critical infrastructure systems, and of the potential for wide-scale physical harm coming to communities via a threat vector traditionally associated only with data breaches and credit card fraud. The incident, which occurred in early 2021, saw a threat actor set their sights on a seemingly innocuous target: the water treatment plant in Oldsmar, Florida. This attack showcased the potential consequences of lax security measures, highlighting the urgent need for robust defences to safeguard essential services.

The tale unfolded on 5 February 2021, when an operator at the Oldsmar water treatment plant noticed something awry: the mouse cursor on his screen was moving on its own. Unknown to him at the time, an unidentified hacker had remotely accessed the facility’s supervisory control and data acquisition (SCADA) system. From there, the attacker opened the dosing controls and raised the sodium hydroxide setpoint from around 100 parts per million to 11,100 parts per million, more than a hundredfold. The operator reverted the change immediately, and the plant’s downstream monitoring and the lag before treated water reaches customers meant no contaminated water left the site. Had it not been for the alertness and prompt action of that one employee, the outcome could have been far worse, potentially endangering the health of thousands.

A brief aside for all of the non-chemists in the room: sodium hydroxide, commonly known as caustic soda or lye, is a strong alkaline compound. An odourless solid that dissolves easily in water, it is dosed in small amounts to control the acidity of drinking water, but in concentrated form it causes immediate tissue damage and severe chemical burns on contact. Is it poor taste to call this a watering hole attack…?

As news of the incident spread, experts were left grappling with a host of troubling questions. How did the attacker gain access? What vulnerabilities had been exploited? The (possibly predictable) reality, as set out in the joint FBI/CISA advisory that followed, was that the intruder came in through Internet-reachable remote-access software (TeamViewer) installed for remote support on plant computers that were still running the end-of-life Windows 7 and shared a single password among staff. Not a zero-day, not a bespoke implant: an exposed remote-access tool and a shared credential. This stark reminder of basic security hygiene left many dumbfounded. How could a critical infrastructure facility be left exposed to such a rudimentary attack vector?

The repercussions of this incident extended far beyond the local water treatment plant. It sparked a broader conversation about the overall security posture of critical infrastructure systems worldwide. As we rely increasingly on interconnected networks to deliver essential services, the need to fortify these systems against malicious actors becomes ever more urgent.

In response to this wake-up call, there have been calls for stricter regulations and heightened investment in cybersecurity measures across the board. Critics argue that critical infrastructure, from power grids to transportation networks, is the backbone of modern society and must be shielded from cyber threats with the utmost priority. This also translates directly into the risk transfer world, where insurers will want confidence that the controls in place for both IT and OT networks are at a level appropriate to industries that put the “critical” into critical infrastructure.

The Oldsmar incident also underscored the significance of robust incident response and disaster recovery plans. Prompt detection by an operator who happened to be looking at his screen, swift reversal of the change, and effective communication saved the day in this instance. But a human watching a cursor is a thin margin, and the near-miss should serve as a reminder that preparedness is paramount. Organizations must proactively invest in skilled cybersecurity personnel, continuous monitoring systems that alarm on implausible process changes regardless of who made them, and secure architectures that keep remote access off the control network, so that attacks are thwarted before they wreak havoc.
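The control that saved Oldsmar was a person noticing a number jump on a screen. As an added example, not code from the article or from the Oldsmar plant, the Python below shows the machine version of that check: engineering limits on setpoint writes, enforced at write time and also replayed over a historian log so that an out-of-range change from a remote session raises a critical alert. The log format, tag names, the 100 ppm baseline, the limits and the notion of a trusted “console” source are all constructed assumptions.

```python
"""Setpoint plausibility checks over a water-treatment historian feed.

Added illustration; this is not code from the Oldsmar plant or the article.
The log format, tag names, sources and engineering limits are constructed
assumptions chosen to mirror the incident described above.
"""
import re
from dataclasses import dataclass

# Constructed historian lines: who changed which setpoint, from what source.
# Values are ppm of sodium hydroxide; 100 ppm is the assumed normal dose.
SAMPLE_LOG = """\
2021-02-05T08:02:11Z src=console    tag=NAOH_SETPOINT old=100 new=100
2021-02-05T13:14:02Z src=remote-hmi tag=NAOH_SETPOINT old=100 new=105
2021-02-05T13:14:40Z src=remote-hmi tag=NAOH_SETPOINT old=105 new=11100
2021-02-05T13:20:09Z src=console    tag=NAOH_SETPOINT old=11100 new=100
2021-02-05T13:21:00Z src=console    tag=PH_SETPOINT old=74 new=76
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+)\s+src=(?P<src>\S+)\s+tag=(?P<tag>\S+)\s+old=(?P<old>\d+)\s+new=(?P<new>\d+)"
)

# Assumed engineering limits: an absolute ceiling the process should never
# need, and the largest single-step increase an operator would make by hand.
LIMITS = {
    "NAOH_SETPOINT": {"max": 300, "max_step_ratio": 2.0},
    "PH_SETPOINT": {"max": 90, "max_step_ratio": 1.5},  # pH stored as pH x 10
}
TRUSTED_SOURCES = {"console"}  # the local HMI; anything else is a remote session


@dataclass
class Alert:
    ts: str
    tag: str
    src: str
    new: int
    severity: str
    reasons: list


def parse_log(text):
    """Yield one dict per well-formed line; skip anything the regex rejects."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["old"], ev["new"] = int(ev["old"]), int(ev["new"])
            yield ev


def validate_write(tag, old, new):
    """Return the list of limit violations for a proposed setpoint write.

    An empty list means the write is plausible. This is the check a PLC or
    HMI should enforce before accepting the value, not merely log afterwards.
    Unknown tags fail closed: a tag with no limits is itself a finding.
    """
    lim = LIMITS.get(tag)
    if lim is None:
        return [f"no limits configured for {tag}"]
    reasons = []
    if new > lim["max"]:
        reasons.append(f"{new} exceeds hard limit {lim['max']}")
    if old > 0 and new / old > lim["max_step_ratio"]:
        reasons.append(f"step x{new / old:.1f} exceeds x{lim['max_step_ratio']}")
    return reasons


def scan_log(text):
    """Replay validate_write over every logged change; escalate remote ones."""
    alerts = []
    for ev in parse_log(text):
        reasons = validate_write(ev["tag"], ev["old"], ev["new"])
        if not reasons:
            continue
        severity = "critical" if ev["src"] not in TRUSTED_SOURCES else "high"
        alerts.append(Alert(ev["ts"], ev["tag"], ev["src"], ev["new"], severity, reasons))
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"[{a.severity}] {a.ts} {a.tag}={a.new} via {a.src}: {'; '.join(a.reasons)}")
```

Run against the constructed log, only the 105 to 11,100 ppm write trips the check (both the hard ceiling and the step ratio), and because it arrived over a remote session it is graded critical; the small 100 to 105 ppm adjustment and the operator’s reversion back to 100 ppm pass. The point of putting `validate_write` in front of the PLC write path as well as in the log scanner is that the limit then holds whoever is driving the mouse, local or remote, legitimate or not.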

Governments and regulatory bodies have a crucial role to play as well. The Oldsmar attack highlights the need for increased collaboration between public and private sectors to combat cyber threats effectively. Information sharing, threat intelligence, and joint initiatives can create a united front against cyber adversaries and promote a culture of resilience.

This was a pivotal moment, a clarion call for change. It brought a sense of urgency in the minds of decision-makers, pushing them to prioritize cybersecurity in critical infrastructure systems. The incident highlighted the need for ongoing investment, education, and innovation to protect against increasingly sophisticated cyber threats.

As we move forward, it is crucial that the lessons learned from the Oldsmar incident are not forgotten. The battle to secure critical infrastructure is ongoing, and the stakes – that of our personal and collective health and wellbeing – are higher than ever. By heeding the warning signs and embracing a proactive approach to cybersecurity, we can build a resilient future where essential services remain intact, shielding our societies from the perils of cyber wrong-uns.