Cyber Attack On Water Treatment Plant
On Friday February 5th 2021, a hacker broke into a water treatment plant in Florida and made it increase the levels of lye in the water to dangerously toxic amounts.
The hacker gained access to Oldsmar’s water treatment system at both 8 a.m. and 1:30 p.m. using the software Teamviewer.
TeamViewer is run by a German-based company with over half a million users world-wide. They say there was no suspicious activity to indicate a breach. The purpose of TeamViewer was to assist in troubleshooting any issue with digital or computerized sections of the water treatment system.
How Updated Are the IT infrastructure of Government Agencies?
Luckily those running the plant realized this and corrected the issue before anyone was endangered by the act. However, this puts close-call put into question the security or lack-there-of in internet based controls in government IT infrastructure.
The cyber attacker took over the computer system and managed to raise the acceptable levels of lye, or sodium hydroxide, from 100 parts per million to 11,100 parts per million.
This is an example of how weak infrastructure and outdated legacy systems are turning into a serious liability as cyber criminals use these systems to breach government facilities.
It’s almost a cliché at this point to mention that cybersecurity is overlooked. Both in the private and public sectors, there have been an increase in cyber attacks.
There has been a 715 percent increase in detected cyber-attacks in 2020 alone, according to Bitdefender Mid-Year Threat Landscape Report in 2020.
Legacy Systems A Big Problem For Government Facilities
Between December 2018 and August 2019 seven Florida municipalities were attacked by cyber criminals. Why?
Older systems, better known as legacy systems, have created problems for government. Not only are they expensive to maintain but they are incredibly vulnerable to hackers. Agencies can’t accomplish critical tasks and have trouble getting personnel who even know how to use older computers and legacy technology.
The U.S. government was planning to more than $90 billion on I.T. spending and the majority of that money was going to maintaining legacy systems. This is a problem, furthermore, because hackers are getting more sophisticated. The technology cyber criminals use doesn’t have to be advanced to break through a system.
Governments, having the budget and resources to address these problems, often lack the foresight to see how neglecting cyber security is a problem in the future. As a result, we are seeing an increase in hacks, but more importantly, an increase in ransomware attacks.
A fair number of government agencies had plans to modernize their legacy systems. However, there were no documented plans for how to modernize their IT systems.
Looking ahead to the future, there are examples of successful modernization of IT systems within different government agencies. In some cases, agencies take legacy code and replace it with more modern code. Others though, have seen the writing on the wall and decided to migrate their legacy systems on to the cloud.
Businesses Aren’t Faring Much Better Either With Legacy Systems
These problems don’t just apply to government agencies. Businesses using legacy systems can’t sustain themselves successfully anymore. Especially considering the fact that operating remotely is becoming standard practice among many industries.
In fact, one of the biggest problems for companies during the 2020 pandemic was figuring out how to adapt to the lockdowns and continue running remotely. So many businesses put off transitioning over to the cloud because they took their networks for granted.
The problem with that was once the lockdowns began, companies went into a frenzy trying to migrate to the cloud and adjust. As a result, they sacrificed security for operational efficiency. That might have worked as a temporary solution but as the lockdowns extending past 2020 and many companies deciding to remain remote, security is once again at the forefront of the conversation.
Managed IT and The Cloud
Managed IT services providers, also known as Managed service providers (MSP’s), are growing in popularity because they provide cloud and other important services to businesses looking to work on the cloud.
Businesses with no cloud migration plan suffered and those who had already moved to the cloud were able to endure and even succeed in a newly remote environment. Conversely, the traditional 9-5 standard office hours are becoming more and more obsolete. But that creates a new opportunity for cyber criminals to attack vulnerable home network.
IT consulting services are needed in both the private and public sectors to successfully stave off new kinds of malware in a newly remote environment.