This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

Cyber Attack on Florida Water Plant Shows Value of Good Planning

The US and Florida fended off a potentially devastating cyber attack this week, when an unknown hacker was halted in the act of compromising a water plant in Florida.  The incident stems from a remote access system that monitors the chemicals used to treat water: the hacker penetrated it and tried to add dangerous levels of chemical agents to the water.  Fortunately, a supervisor saw the problem and stopped it. 

The incident shows the value of good planning and of multiple levels of threat management.  The system at issue here could be observed and corrected by human action.  The access problem that originally allowed the intrusion was capable of correction to prevent future events, according to plant officials.  And if a supervisor had not seen and corrected the issue, monitoring tools within the plant are designed to sound an alert if water composition is compromised.  

Most companies do not have to think about the health and welfare of thousands of Americans when conducting their network security planning, nor about potential national security implications of a failure.  But any company could benefit from thinking about how to design multiple, back-up, redundant mechanisms to control access, control permissions, alert administrators and management to threats, and prevent threats from executing even if they make it through the gates.  The increasing proliferation of cyber threats, of privacy regulations, and of remote work, make such planning ever more critical to the health and bottom line of every business.  

An unknown suspect breached a computer system for the city of Oldsmar’s water treatment plant Friday and briefly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million, Pinellas County Sheriff Bob Gualtieri said during a news conference Monday.

Tags

cybersecurity, privacy, privacy and security law

Related Insights