Security Think Tank: Take a realistic perspective on CNI cyber attacks
The recent cyber security attack on the water treatment plant in the Florida city of Oldsmar was caused by the failure of the facility to update its core IT systems.
Running Windows 7, which Microsoft no longer supports, meant security had not been upgraded since the beginning of 2020. From there, it was straightforward for a malicious user to gain access to the supervisory control and data acquisition (Scada) systems, and temporarily change the programme settings to increase the amount of cleaning chemicals added to the water.
In reality, only a handful of dedicated attacks against industrial control systems (ICS) have been documented over the years. But because of the severity of the disruption that can be caused, advanced persistent threat (APT) groups are increasing their focus on targeting them.