On Feb 5, 2021, a hacker gained unauthorized remote access to the water treatment plant in the city of Oldsmar, Florida. As the Tampa Bay Times reported on Feb 8, 2021:
“Local and federal authorities are investigating after an attempt Friday to poison the city of Oldsmar’s water supply, Pinellas County Sheriff Bob Gualtieri said.”
“Someone remotely accessed a computer for the city’s water treatment system and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100, Gualtieri said at a news conference Monday.”
The Oldsmar water utility breach shows how vulnerable critical infrastructure systems can be to hacking. The control systems, which are often old and were never built with security as the highest priority, let administrators and other personnel connect over the internet using remote access tools.
In this incident, the forensic analysis indicates the hacker most likely used a popular remote access product, TeamViewer, on a system whose users shared passwords. The on-duty plant operator happened to witness the change as it was made, which prevented any damage.
Industrial control systems in transportation, manufacturing, energy, etc., have been prime targets for hackers for many years, and the number of cyberattacks keeps growing as hacking groups of all kinds attempt to breach these critical systems.
By targeting infrastructure systems such as the Florida water treatment facility, hackers can potentially do vast amounts of damage, ranging from harming people's health, to using backdoors to steal sensitive data, to shutting an infrastructure down completely with ransomware. Cyberattacks against critical infrastructure can lead to a wide range of dangerous situations, including breaking the industrial systems themselves, with resulting havoc and potentially large-scale physical damage.
Many industrial control systems still run on old or customized operating systems, such as obsolete and unpatched versions of Windows. This makes them especially vulnerable to intrusion. Cyber attackers, from members of criminal hacking gangs to trained, highly sophisticated state-backed cyberwarfare groups, know this and are exploiting the situation.
According to new figures from Kaspersky Lab’s Threat Landscape for Industrial Automation Systems report, 16.7% of attacks on industrial control centers came from the internet.
The Critical Infrastructure Challenges Of Secure Application Access
Critical infrastructure industries such as water, energy, finance, and transportation are highly dependent on systems located in both OT and IT networks to control the day-to-day operation of the organization.
While many of the OT systems use legacy and proprietary protocols, many systems have been migrating to standard TCP-based protocols. This has allowed IT teams to provide remote or cross-network access more easily to OT systems. Organizations often use access solutions such as VPNs or remote desktop services like TeamViewer.
The problem with granting remote access to critical infrastructure systems is that the organization must provide the architecture required to support secure remote access, including:
- Controlling access between different network segments:
  - Segment the DMZ network from the IT network
  - Segment the IT network from the OT network
  - Prevent lateral movement between networks
- Controlling and securing remote access to IT- and OT-based systems for both external and internal users:
  - Support different types of users, such as employees and contractors
  - Grant access only after trust is established
  - Keep users off the network while they access the data
  - Support both VPN and non-VPN users
- Dealing with legacy applications and non-secure remote access applications:
  - Address VPN deficiencies and vulnerabilities
  - Add MFA to legacy and non-web applications which do not normally support MFA
The Safe-T ZoneZero Solution
Safe-T ZoneZero offers critical infrastructure industries a solution that changes the way organizations grant secure access to their services. ZoneZero acts as a Perimeter Access Orchestration platform that provides central management of all secure access technologies and helps organizations achieve Zero Trust Network Access (ZTNA).
Safe-T ZoneZero is the first-ever Perimeter Access Orchestration solution, incorporating the following modules:
- ZoneZero SDP – a client-less ZTNA solution for non-VPN users
- ZoneZero VPN – a ZTNA solution for VPN users, achieved by integrating with all VPN solutions
- ZoneZero MFA – a ZTNA solution for internal users, achieved by providing built-in MFA and integration with third-party MFA and Identity Providers (IdP)
Safe-T ZoneZero allows critical infrastructure industries to support all access scenarios:
- All user types – people (managed or unmanaged), applications, APIs and connected devices
- All user locations – external or internal
- All application types – new or legacy
- All application locations – cloud or on-premises
Safe-T ZoneZero offers secure, transparent, and controlled access for all types of entities (people, applications, and connected devices) and to any internal application, service, and data, such as TeamViewer, HTTP/S, SMTP, SFTP, SSH, APIs, RDP, SMB, and WebDAV.
Safe-T ZoneZero implements Safe-T’s patented reverse-access (outbound) technology, which eliminates the need to open incoming ports in the critical infrastructure organization’s internal firewall. This technology allows critical infrastructure organizations to logically segment their networks and prevent attackers’ lateral movement between IT and OT networks.
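The reverse-access pattern described above, reduced to a runnable sketch on localhost. This is an added example, not Safe-T's code or the ZoneZero implementation: the echo service, the DMZ relay and the internal agent are constructed stand-ins for the real components, and the point it demonstrates is that the OT-side agent only ever initiates an outbound connection, so the internal firewall needs no inbound allow rule for external sessions to reach an internal application.

```python
import socket
import threading

HOST = "127.0.0.1"  # all three roles (OT segment, DMZ, outside) run locally here

def listener():
    """Bind a listening socket on an ephemeral localhost port."""
    ls = socket.socket()
    ls.bind((HOST, 0))
    ls.listen(1)
    return ls

def pump(src, dst):
    """Copy bytes one way until src reaches EOF, then pass the EOF on to dst."""
    while chunk := src.recv(4096):
        dst.sendall(chunk)
    dst.shutdown(socket.SHUT_WR)

def dmz_relay(agent_ls, client_ls):
    """DMZ side: the internal agent connects *to* the relay first (outbound from
    the OT segment); only then is an external client session bridged onto it."""
    agent, _ = agent_ls.accept()
    client, _ = client_ls.accept()
    threading.Thread(target=pump, args=(client, agent), daemon=True).start()
    pump(agent, client)

def internal_agent(relay_port, service_port):
    """OT/IT side: never listens. It dials out to the DMZ relay and forwards
    whatever arrives on that connection to the local (legacy) service."""
    relay = socket.create_connection((HOST, relay_port))
    service = socket.create_connection((HOST, service_port))
    threading.Thread(target=pump, args=(relay, service), daemon=True).start()
    pump(service, relay)

def echo_service(ls):
    """Constructed stand-in for an internal application (an RDP or SSH host, say)."""
    conn, _ = ls.accept()
    with conn:
        data = b"".join(iter(lambda: conn.recv(4096), b""))
        conn.sendall(b"echo:" + data)

def run_demo(message=b"hello-ot"):
    """Wire the roles together and return what the external client receives."""
    service_ls, agent_ls, client_ls = listener(), listener(), listener()
    for target, args in ((echo_service, (service_ls,)),
                         (dmz_relay, (agent_ls, client_ls)),
                         (internal_agent, (agent_ls.getsockname()[1], service_ls.getsockname()[1]))):
        threading.Thread(target=target, args=args, daemon=True).start()
    client = socket.create_connection((HOST, client_ls.getsockname()[1]))  # the only inbound hop: into the DMZ
    client.sendall(message)
    client.shutdown(socket.SHUT_WR)  # signal end of request
    reply = b"".join(iter(lambda: client.recv(4096), b""))
    client.close()
    return reply
```

Note that `internal_agent` contains no `bind`/`listen` at all; in a real deployment that is what lets the OT-to-DMZ firewall policy stay "outbound to relay only", with inbound denied.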