The US and Florida fended off a potentially devastating cyber attack this week, when an unknown hacker was halted in the act of compromising a water plant in Florida. The incident stems from a remote access system that monitors the chemicals used to treat water: the hacker penetrated it and tried to add dangerous levels of chemical agents to the water. Fortunately, a supervisor saw the problem and stopped it.
The incident shows the value of good planning and of multiple levels of threat management. The system at issue here could be observed and corrected by human action. The access problem that originally allowed the intrusion was capable of correction to prevent future events, according to plant officials. And if a supervisor had not seen and corrected the issue, monitoring tools within the plant are designed to sound an alert if water composition is compromised.
Most companies do not have to think about the health and welfare of thousands of Americans when conducting their network security planning, nor about potential national security implications of a failure. But any company could benefit from thinking about how to design multiple, back-up, redundant mechanisms to control access, control permissions, alert administrators and management to threats, and prevent threats from executing even if they make it through the gates. The increasing proliferation of cyber threats, of privacy regulations, and of remote work, make such planning ever more critical to the health and bottom line of every business.