With the way recent events have unfolded, it has been unfortunately noticed that hackers do not hesitate to endanger human lives if it benefits them. This point has been pretty clearly displayed by the attacks on industrial systems.
What transpired?
On February 5, an employee at Oldsmar, Florida, water treatment plant noticed that this mouse cursor was clicking on the plant’s controls in the morning. An attempt was made to change the levels of sodium hydroxide, also called lye, in the water; moving the setting from 100 ppm to 11,100 ppm by the intruder.
The consequences of this attack would have been catastrophic if the poisoned water would have reached the citizens.
What does this mean?
It has to be noted that the hacker did not intrude on the system once, but did so twice. The fact that this could have been a severe cyber, as well as a physical breach is highlighted by this attack. A lot of questions about the security posture of such critical places are also being raised.
Similar Incidents
- Two primary electric utility companies in Brazil, Electrobras and Copel, suffered a ransomware attack that forced them to suspend operations temporarily.
- A campaign called operation Spalax was aimed at Colombian government institutions and private companies belonging to the energy and metallurgical sectors.
- It is suspected that the SolarWinds breach could affect the physical world by affecting the OT systems.
To the critical infrastructure, elements of modern industrial systems are fundamental. Even though IT systems have converged with OT systems because of digital transformation, OT security is often neglected. Attacks on utilities can potentially lead to large-scale power outages. The attack at Oldsmar, Florida serves as an eye-opener highlighting the significance of avoiding industrial networks from being exposed to external networks.
The era of digital warfare has already dawned upon us and it is getting worst by the day. Attacks on critical infrastructure are indisputably a national security concern. Also, since a lot of sectors are interdependent, an attack on one of them could possibly spill over to the others as well. Cybersecurity needs to be a top concern now irrespective of the sectors involved since the incidents listed above are very much capable of foisting real-world damage.
To read more, please check eScan Blog
