February 11, 2021
Last Friday, days before the Big Game in Tampa, an unidentified cyber actor gained unauthorized access to the supervisory control and data acquisition system at a water treatment plant less than 20 miles outside of the city. The actor increased the amount of sodium hydroxide, or lye, but a water treatment plant personnel immediately corrected the change before the system detected manipulation.
The cyber actor likely exploited desktop sharing software and an outdated Windows 7 operating system to remotely manage the water treatment. While desktop sharing software has legitimate use, it can be leveraged by malicious cyber actors in social engineering attacks and to exercise remote control, adjust startup parameters, and inject malicious code. Since Microsoft ended support for Windows 7 on January 14, 2020, the operating system became at risk with no security updates expected to patch known vulnerabilities.
Given the significant risk potential, FTI Cybersecurity encourages the critical infrastructure industry to take a proactive stance in addressing these threats.
Actionable Recommendations
As recommended by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center, issued in a joint cybersecurity advisory, organizations should take the following actions to mitigate risk:
- Update to the latest version of the operating system (e.g. Windows 10)
- Use multi-factor authentication
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure
- Audit network configurations and isolate computer systems that cannot be updated
- Audit your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts
- Audit logs for all remote connection protocols
- Train users to identify and report attempts at social engineering
- Identify and suspend access of users exhibiting unusual activity
- Keep software updated
How We Can Help
We can work with your team to evaluate your specific needs and tailor solutions that enhance security and readiness to defend against the unique cyber risks facing your organization.
Our team has extensive experience in industrial systems, facilities, and operational processes with deep industry expertise derived from their backgrounds in government, military, and the private sector. We have a proven track record of harmonizing the technical, operational, legal, regulatory, reputational, and workforce components into workable solutions.
Learn more about our Critical Infrastructure Preparedness & Incident Response Capabilities