Oldsmar water facility attack potentially overblown but risks persist

While the cybersecurity incident at an Oldsmar, Florida, city water treatment plant in 2021 has prompted significant federal action in strengthening water infrastructure cybersecurity, new information has indicated that the intrusion two years ago may have been exaggerated, according to CyberScoop. "The FBI concluded there was nothing, no evidence of any access from the outside, and that it was likely the same employee that was purported to be a hero for catching it, was actually banging on his keyboard," said former Oldsmar City Manager Al Braithwaite in a statement first reported by GCN. Despite the attack on the Oldsmar water plant not being caused by an outside hacker, Water Information Sharing and Analysis Center Director of Infrastructure Cyber Defense Jennifer Lyn Walker emphasized the persistent cybersecurity threat being faced by water treatment facilities. "While some of the incident details may have changed, other findings, other vulnerabilities identified through the investigation are still representative of gaps across the sector and other critical infrastructure and smaller organizations," Walker said.