IoT, Zero Trust

Understanding Florida’s water treatment hack, and how to stop future attacks

April 13, 2021
The attack on the Oldsmar, Fla., water treatment plant earlier this year raised the profile of operational technology events and attacks on critical infrastructure. Today’s columnist, Duncan Greatwood of Xage, offers insights into how organizations can adopt a Zero Trust approach to protect against similar attacks.
  • The exploitation of a single point of entry: a Windows machine with a weak machine-level password.
  • Reliance on the machine-level password, with no requirement for user-level authentication. The attacker did not have to prove they were an authorized user; knowledge of the one machine-level password was sufficient to execute the attack.
  • Unterminated direct-access protocols exposed on the internet. It was TeamViewer in this case – for another organization it could have been RDP or VNC. These direct-desktop-control protocols are open to attack when exposed publicly. Security teams must proxy them via a secure termination and authorization system.
  • Open access from the Windows machine to other operational components without any additional policy enforcement. The attacker should have had to prove that they were authorized to adjust the lye level, but in this case, mere access to the Windows machine was sufficient to let them make changes.
  • Device/machine passwords are part of the managed identity system, ensuring the passwords are always complex and difficult to guess.
  • Users must authenticate themselves before being granted any further access.
  • Direct access protocols are terminated on-site, with proxy access granted only to authorized users.
  • The principle of “the least amount of access for the least amount of time” – a core tenet of Zero Trust – ensures that access to a single entry point does not grant users the broad ability to access and make change systemwide.
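The four controls above can be expressed as an ordered policy check at the on-site access proxy. The following is an added illustration, not code from the column or from Xage: a toy policy gate that refuses any connection not terminated at the proxy, requires a validated device credential and then a user-level identity, and only then looks for an explicit, time-boxed grant naming the asset and action. All asset names, user names, and the "set_lye_setpoint" action are constructed for the example.

```python
"""Toy Zero Trust policy gate for an OT remote-access proxy (added example, constructed data)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AccessGrant:
    """Least access, least time: one user, one asset, named actions, hard expiry."""
    user: str
    asset: str
    actions: FrozenSet[str]
    expires_at: float  # epoch seconds; the grant is dead once now >= expires_at


@dataclass(frozen=True)
class Session:
    """What the on-site proxy knows about a remote connection."""
    terminated_at_proxy: bool   # desktop protocol ends at the proxy, not on the internet
    device_authenticated: bool  # machine credential validated by the managed identity system
    user: Optional[str]         # user-level identity, or None if only the machine password was shown


class ZeroTrustGate:
    def __init__(self, grants: List[AccessGrant]):
        self._grants = list(grants)

    def evaluate(self, session: Session, asset: str, action: str, now: float) -> Tuple[bool, str]:
        """Return (allowed, reason). Checks run in order; the first failure denies."""
        # 1. Direct-access protocols must be terminated on-site and proxied.
        if not session.terminated_at_proxy:
            return False, "deny: direct-access protocol not terminated at the on-site proxy"
        # 2. The managed device credential is necessary but never sufficient on its own.
        if not session.device_authenticated:
            return False, "deny: device credential not validated by managed identity"
        # 3. User-level authentication is required before any further access.
        if session.user is None:
            return False, "deny: user-level authentication required"
        # 4. Access to the entry point grants nothing system-wide; every asset/action
        #    needs its own unexpired grant.
        matching = [g for g in self._grants if g.user == session.user and g.asset == asset]
        if not matching:
            return False, f"deny: no grant for {session.user} on {asset}"
        live = [g for g in matching if now < g.expires_at]
        if not live:
            return False, f"deny: grant for {session.user} on {asset} has expired"
        if any(action in g.actions for g in live):
            return True, f"allow: {session.user} may {action} on {asset}"
        return False, f"deny: {session.user} is not authorized to {action} on {asset}"


def build_demo_gate(now: float) -> ZeroTrustGate:
    """Constructed grants: one operator may read and set the dosing setpoint for 15 minutes."""
    return ZeroTrustGate([
        AccessGrant("operator1", "dosing_plc", frozenset({"read", "set_lye_setpoint"}), now + 900),
    ])


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed reference time
    gate = build_demo_gate(t0)
    scenarios = [
        ("exposed protocol", Session(False, True, "operator1"), "dosing_plc", "read", t0),
        ("machine password only", Session(True, True, None), "dosing_plc", "set_lye_setpoint", t0),
        ("authorized operator", Session(True, True, "operator1"), "dosing_plc", "set_lye_setpoint", t0),
        ("wrong asset", Session(True, True, "operator1"), "scada_hmi", "set_lye_setpoint", t0),
        ("grant expired", Session(True, True, "operator1"), "dosing_plc", "set_lye_setpoint", t0 + 1000),
    ]
    for label, sess, asset, action, now in scenarios:
        allowed, reason = gate.evaluate(sess, asset, action, now)
        print(f"{label:22s} -> {reason}")
```

The ordering is the point: a connection that would have succeeded in the Oldsmar case (machine password only, protocol reachable from the internet) is stopped at step 1 or step 3, and even a fully authenticated user can only touch the one asset and action named in a grant, and only until it expires.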