wonderfully unique software solutions

Monitoring and intrusion detection software could have protected Florida water supply

Data collection and monitoring applications can mitigate — even prevent — industrial cyber hacks like the one on the Florida water treatment plant, according to a Paessler/Rhebo blog.

“As an example, PRTG and Rhebo Industrial Protector interact in a way that the OT (operations tech) data passively collected by Rhebo with anomaly detection can be used by PRTG, which is by definition an active system, for threat analysis and the definition of counter-measures,” wrote Rhebo‘s Klaus Mochalski in the article.

The cyberattack on the Oldsmar, Florida water treatment plant that made headlines in February 2021 shows just how vulnerable industrial networks can be to hackers, he suggested.

According to Wired magazine, the hacker had actually tried to poison the town supply by telling the computer-controlled systems to increase the proportion of sodium hydroxide in the water — risking the health of around 15,000 city residents.

The chemical is used in water treatment to regulate the acidity of drinking water. Mochalski said the hack was “an almost textbook illustration” of the security flaws that still prevail in many critical infrastructures.

“The lack of damage from the attack was a lucky coincidence rather than due to a thorough security concept. The incident underscores the need for intelligent, real-time monitoring in critical infrastructure,” he said.

According to management, the hacker had infiltrated the system through remote access. This technology is regularly used by the staff, as well as service providers, to access system controls for water supply and treatment via authorised accounts.”

At the very least, an installed cybersecurity system should be able to reliably identify new, unauthorised network participants, notes Mochalski. Instead, the hack was discovered in time essentially by accident.

An end-to-end intrusion detection system can detect and report critical network changes in real time. Network monitoring with anomaly detection can report suspicious and potentially dangerous logins, using indicators such as access time, IP address, access duration and the actions performed with the account or the use of a new account.

“In addition, an industrial endpoint protection system would have added the ability to automatically prevent certain operations directly on the remotely controlled assets,” he said.

And since OT presents quite different requirements and challenges to enterprise or office IT, it is useful to combine different measures that fit some specific needs of OT — including ensuring stability through passive approaches that do not disrupt industrial processes, Mochalski wrote.

Read the full blog article on Paessler’s website.

Paessler solutions allow for monitoring the entire infrastructure, from SMB to large IT infrastructures to monitoring of datacentre and storage, bandwidth, the cloud, databases, ports, servers and SNMP as well as network mapping. It also offers many free network tools.

( Photo by Bluewater Globe on Unsplash )

Recent Articles

Tour the worldwide web — and its restrictions — with NordVPN

Looking at future travel plans post-Covid? VPN provider NordVPN has been rolling out blogs looking at internet use and restrictions that can...

Foxit shines up SDK and steps into e-signatures

PDF software company Foxit has launched an e-signature service -- positioning itself to ultimately compete with digital contract and e-document management specialists...

Developers in global JetBrains poll increasingly rely on the cloud

Twice as many developers work in or on cloud solutions compared to four years ago, according to an annual survey by tooling...

Kaspersky: Luminous Moth under microscope as USB and Zoom threat

Kaspersky, vendor of Kaspersky Total Security, has profiled the so-called Luminous Moth advanced persistent threat to USB drives and Zoom users in...

Acunetix and Netsparker named to Gartner Magic Quadrant for application security testing

Application security testing software by Acunetix has made it onto Gartner's Magic Quadrant league of high-profile offerings rated for their overall vision...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox