Take a realistic perspective on CNI cyber attacks

by Jeremy

The recent cyber security attack on the water treatment plant in the Florida city of Oldsmar was caused by the facility's failure to update its core IT systems. Running Windows 7, which Microsoft no longer supports, meant the systems had received no security updates since the beginning of 2020. From there, it was straightforward for a malicious user to gain access to the supervisory control and data acquisition (SCADA) systems and temporarily change the program settings to increase the quantity of cleaning chemicals added to the water. In reality, only a handful of dedicated attacks against industrial control systems (ICS) have been documented over the years. But because of the severity of the disruption that can be caused, advanced persistent threat (APT) groups are increasingly focusing on targeting them.


The key risks that this raises can typically be divided into three categories:
  1. Alteration of the actions that an ICS device is performing in order to cause harm. The release of chemicals into the water supply in Florida and the Stuxnet attacks against an Iranian nuclear power plant are good examples of these risks occurring.
  2. Disruption of critical infrastructure by attacking ICS devices or flooding networks with traffic via distributed denial of service (DDoS) attacks. This can take significant time to resolve and be costly to correct.
  3. Use of ICS networks as a gateway into other parts of an organisation's systems.

The first step to addressing these risks is to understand the ICS devices being managed: for example, how many there are and where they are located. National infrastructure is spread over a wide geographical area, and increasingly into consumers' homes, so not everything will be immediately visible.

Physical protection of these devices is less of a concern; the industry has successfully deployed deterrents such as fences, gates, security guards, and underground burial for decades.

But as more of them are used within households, safeguards are required to ensure they cannot be tampered with directly, whether to make them send back false data or to reprogram them so that they modify other devices in the chain by sending erroneous data.
