What hacking attacks can teach us about defending networks

A hacker's attack on a water treatment facility has lessons for every organisation.
Written by Danny Palmer, Senior Writer

A water treatment plant fell victim to a hacker to the extent that the intruder was able to tamper with chemical levels and attempt to poison the drinking water supply.

Nobody was harmed when the intruder interfered with the system at the water treatment facility in Oldsmar, Florida because the changes were spotted and the chemical levels reverted to normal, but the incident is a reminder to all organisations that networks must be secured against cyberattacks, especially if systems that manage physical capabilities can be remotely accessed and manipulated.

"What we can learn from this from a defender and an operator perspective as the utility is making sure that we're securing credentials and, wherever possible, limiting the exposure of authentication portals to external entities and implementing multi-factor authentication wherever possible to really minimize the impact of credential guessing," Joe Slowik, senior security researcher at DomainTools, told ZDNet Security Update.

Additional security capabilities, such as multi-factor authentication, also provide a further barrier to an attacker who has obtained or guessed valid credentials.

In this instance, the attack was spotted only after the intruder had attempted to manipulate industrial control systems. To fully secure an industrial network, there should be protections in place that detect suspicious activity before attackers can attempt anything at all.

That starts with knowing what's on your network and being able to identify unexpected or unusual activity.

"First and foremost, it's just understanding your own attack surface; what do we have exposed? What are the possibilities for third parties or unwanted entities for accessing our environments? Knowing what those avenues are and, after they've been identified, securing them," said Slowik.

"So that combination of understanding our own networks, hardening our networks, where possible, and then looking for attempts to subvert or break into these environments. It sounds fairly basic, but that's at least where we need to get started for defending these environments," he added.
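The controls Slowik describes (limiting the exposure of authentication portals, blunting credential guessing, and looking for attempts to break in) can be checked against remote-access authentication logs. The script below is an added example written for this article, not code from ZDNet, DomainTools or the utility involved; the log format, the user names, the trusted 10.20.0.0/16 range, the 198.51.100.23 address and the thresholds are all constructed assumptions. It flags two things a defender would want to know about: a source address that produces a dense burst of failed logins, and any successful login from outside the networks operators are expected to use.

```python
"""Flag suspicious remote-access logins in a small constructed log sample.

Added illustration only: not code from ZDNet, DomainTools or any utility.
The log format, user names, addresses and thresholds are all assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample: one line per authentication attempt against a
# hypothetical remote-access portal in front of an operator workstation.
SAMPLE_LOG = """\
2021-02-05T08:01:12Z login user=operator1 src=10.20.0.15 result=success
2021-02-05T08:03:40Z login user=operator1 src=10.20.0.15 result=success
2021-02-05T13:05:01Z login user=admin src=198.51.100.23 result=failure
2021-02-05T13:05:09Z login user=admin src=198.51.100.23 result=failure
2021-02-05T13:05:17Z login user=operator src=198.51.100.23 result=failure
2021-02-05T13:05:26Z login user=operator1 src=198.51.100.23 result=failure
2021-02-05T13:05:33Z login user=operator1 src=198.51.100.23 result=success
2021-02-05T14:10:02Z login user=operator2 src=10.20.0.31 result=success
"""

# Assumed: the only networks from which operators should ever reach the portal.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>success|failure)$"
)

FAILURE_THRESHOLD = 3                   # this many failures from one source ...
FAILURE_WINDOW = timedelta(minutes=5)   # ... inside this window => credential guessing


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"],
            "src": ipaddress.ip_address(m["src"]),
            "result": m["result"],
        })
    return events


def is_trusted(addr):
    """True when the source address falls inside one of the trusted networks."""
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_external_successes(events):
    """Successful logins from outside the trusted networks: the portal is reachable
    from an unexpected place and a credential has been accepted there."""
    return [e for e in events if e["result"] == "success" and not is_trusted(e["src"])]


def find_credential_guessing(events):
    """Sources with FAILURE_THRESHOLD or more failures inside FAILURE_WINDOW.
    Returns {src: number of failures in that source's densest window}."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in failures.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > FAILURE_WINDOW:
                start += 1
            best = max(best, end - start + 1)
        if best >= FAILURE_THRESHOLD:
            flagged[src] = best
    return flagged


def report(text):
    """Return a list of human-readable findings for the given log text."""
    events = parse_log(text)
    findings = []
    for src, n in sorted(find_credential_guessing(events).items(), key=lambda kv: str(kv[0])):
        findings.append(f"credential guessing: {n} failures from {src} within {FAILURE_WINDOW}")
    for e in find_external_successes(events):
        findings.append(f"external login: user {e['user']} from untrusted {e['src']} "
                        f"at {e['ts']:%Y-%m-%d %H:%M:%S}")
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

On the constructed sample the script reports one burst of four failures from 198.51.100.23 and one successful login for operator1 from that same untrusted address. Both findings arrive before anything is done to a control system, which is the point of Slowik's remark about looking for attempts to break in rather than waiting for the consequences. In a real deployment the trusted ranges would come from the network inventory he describes, and the failure threshold would be tuned against normal operator behaviour.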
