Strategies for Securing Remote Access for Critical Infrastructure

Another day, another near-catastrophic hack.

This time, the target was a water treatment facility in Oldsmar, FL, a key part of the region’s infrastructure. While attacks on public infrastructure are nothing new, the way this breach was carried out is raising alarms among cybersecurity experts.

What Happened?

An unidentified attacker gained remote access to the system that controls chemical dosing in the local drinking water and raised the sodium hydroxide (lye) setting by 10,900%. Thankfully, the treatment facility was able to regain control and prevent the altered dose from reaching the water supply, but the incident has put the whole industry on notice.

Speaking to Data Breach Today, Mike Hamilton, the CISO of CI Security and former member of the Department of Homeland Security, highlights a key takeaway from this hack: "The lesson to be learned here is that public sector organizations that provide critical services - which are largely unregulated for security - need some scrutiny on their IT and OT security."

Lessons to Be Learned from This Hack

When enabling a remote workforce, especially in a critical infrastructure sector, security must be top of mind in order to protect critical operations and equipment, proprietary data, sensitive information and, in extreme cases such as this, the safety of citizens. While most workers involved with the industrial processes of critical infrastructure organizations still work on-site, many administrative job functions have become remote positions, and those remote connections can still expose the organization to risk.

In fact, the Cybersecurity and Infrastructure Security Agency (CISA), together with the NSA, issued updated critical infrastructure security recommendations in July 2020 (Alert AA20-205A), including limiting or eliminating remote access. According to the recommendations, "Remote connectivity to OT networks and devices provides a known path that can be exploited by cyber actors. External exposure should be reduced as much as possible."

In a statement that now reads as foreshadowing, Vectra’s Hitesh Sheth said: “We've seen enough breaches of the U.S. power grid, water systems and even nuclear plants to conclude this: Protecting these critical facilities and upgrading their cyber defenses should be a far higher priority.”

So, what can be done? At SOFTwarfare, we recommend three concrete steps that can be taken to prevent similar attacks:

1) Require stronger authentication, such as Bio-Factor Authentication, on every remote access path

2) Deploy a least privileged access model, granting access on an as-needed basis for each resource, system, and network, and revoking it when the task is done

3) Secure cybersecurity workflows for mission-critical operations with Bio-Factor Authentication
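To make the first two steps concrete, the following is an added example (not part of the original article and not SOFTwarfare's product code) of a default-deny, just-in-time access check for remote operators: every grant names one resource, is capped to a short window, must be approved by someone other than the requester, and a remote session to an OT resource is refused unless it presents MFA of at least a set strength. The resource tiers, the MFA strength scale, the resource names and the "supervisor" approver are assumptions made for illustration.

```python
"""Just-in-time, per-resource access decisions for remote operators.

Added example for this article, not SOFTwarfare's product or any real
utility's code. The tiers, the MFA strength scale, and the resource and
role names below are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Assumed tiers: OT (control-system) resources require phishing-resistant
# MFA and a much shorter grant ceiling than ordinary IT resources.
TIERS = {
    "it": {"min_mfa": 1, "max_grant": timedelta(hours=8)},
    "ot": {"min_mfa": 2, "max_grant": timedelta(minutes=30)},
}
# Assumed MFA strength scale: 0 = password only, 1 = OTP/push,
# 2 = phishing-resistant (FIDO2 or a biometric-bound hardware key).


@dataclass
class Session:
    user: str
    mfa_strength: int
    remote: bool  # True when the session enters from outside the plant network


@dataclass
class Grant:
    user: str
    resource: str
    approver: str
    expires: datetime


@dataclass
class AccessControl:
    resources: Dict[str, str]  # resource name -> tier name
    grants: List[Grant] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)

    def issue_grant(self, user: str, resource: str, approver: str,
                    wanted: timedelta, now: datetime) -> Grant:
        """Create a time-boxed grant for one resource, never a standing role."""
        tier = TIERS[self.resources[resource]]
        if approver == user:
            raise ValueError("operators cannot approve their own access")
        ttl = min(wanted, tier["max_grant"])  # cap at the tier ceiling
        grant = Grant(user, resource, approver, now + ttl)
        self.grants.append(grant)
        self.audit.append(f"GRANT {user} -> {resource} until "
                          f"{grant.expires.isoformat()} by {approver}")
        return grant

    def _active_grant(self, user: str, resource: str,
                      now: datetime) -> Optional[Grant]:
        for g in self.grants:
            if g.user == user and g.resource == resource and g.expires > now:
                return g
        return None

    def decide(self, session: Session, resource: str, now: datetime) -> bool:
        """Default deny: every check must pass for this user on this resource."""
        tier_name = self.resources.get(resource)
        if tier_name is None:
            return self._deny(session, resource, "unknown resource")
        tier = TIERS[tier_name]
        if session.remote and session.mfa_strength < tier["min_mfa"]:
            return self._deny(session, resource,
                              f"remote session needs MFA strength >= {tier['min_mfa']}")
        if self._active_grant(session.user, resource, now) is None:
            return self._deny(session, resource, "no active grant")
        self.audit.append(f"ALLOW {session.user} -> {resource}")
        return True

    def _deny(self, session: Session, resource: str, reason: str) -> bool:
        self.audit.append(f"DENY {session.user} -> {resource}: {reason}")
        return False


def demo() -> List[str]:
    """Walk through the cases a plant cares about; returns the audit trail."""
    now = datetime(2021, 2, 5, 13, 0, tzinfo=timezone.utc)  # constructed time
    ac = AccessControl({"hmi-chem-dosing": "ot", "hr-portal": "it"})
    op = Session("operator1", mfa_strength=1, remote=True)  # OTP only
    ac.decide(op, "hmi-chem-dosing", now)              # denied: weak MFA for OT
    op.mfa_strength = 2                                # hardware key now in use
    ac.decide(op, "hmi-chem-dosing", now)              # denied: no grant yet
    ac.issue_grant("operator1", "hmi-chem-dosing", "supervisor",
                   timedelta(hours=8), now)            # 8h request capped to 30m
    ac.decide(op, "hmi-chem-dosing", now)              # allowed inside the window
    ac.decide(op, "hmi-chem-dosing", now + timedelta(minutes=31))  # expired
    ac.decide(op, "hr-portal", now)                    # other resource, no grant
    return ac.audit


if __name__ == "__main__":
    print("\n".join(demo()))
```

The audit list is the point: every decision, allowed or not, records who asked for which resource and why it was refused, which is exactly the trail an incident responder wants after an event like Oldsmar. A real deployment would put the grant store and the approval step behind the organization's identity provider rather than in memory.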

The breach at Oldsmar’s water treatment facility further underscores the urgency of securing critical infrastructure. Had this attack not been caught, thousands of lives would have been in jeopardy. It is time to eliminate the risks that can lead to this kind of danger.

To learn more about Bio-Factor Authentication, please visit: