We Just Witnessed a Cyber-Physical Attack: Why the Florida Water Treatment Plant Incident Must Force Us Beyond IT-Centric Cybersecurity

The recent cyber hack of water treatment plant operations in Oldsmar, FL, is another stark reminder of the growing danger of cyber-physical threats. The move toward converged security of IT, Operational Technology (OT), and Physical Security systems has never been more urgent.

The Incident

The attack on the water treatment facility appears to have been an attempted takeover of the computer system, in which a hacker gained access and tried to alter sodium hydroxide levels (which treat the water) from 100 parts per million to 11,100 parts per million. The targeted change to chemical delivery was noticed before it executed – avoiding a potential catastrophe to water supplied to the area’s 14,000 residents. If the process had been completed, the increase in levels of sodium hydroxide, also known as lye, could have raised the concentration in the city’s water to potentially lethal levels.

According to one news outlet, the hacker was able to carry out the attack by compromising a remote access software program named TeamViewer that was installed on a facility computer. TeamViewer allows workers to share screens for troubleshooting and IT issues. Fortunately, an employee monitoring the computer noticed and counteracted the hacker’s mouse movement and keystrokes before the attack could be carried out.

Bloomberg Law called it a “wake up call, 20 years in the making,” with experts citing the need for greater protection at the municipal level and increased awareness of cyber incidents to critical infrastructure and control systems.

Businesses Still Work in Silos, But Attackers Don’t

According to The State of Security Convergence in the United States, Europe and India, an ASIS Foundation Convergence Report published in 2019, organizations are often slow to adapt to change unless forced to do so. “Reluctance to converge often centers around people issues,” the report stated. Physical security, IT, and OT personnel are commonly aligned in legacy siloed structures and reluctant to change for fear that convergence will translate into diminished roles. Malicious actors, however, don’t think this way and ultimately capitalize on these traditional roles working in isolation from each other.

Compounding the problem, the monitoring systems for these functions are seldom integrated, and even more rarely correlated for contextual understanding of an evolving security event. Both people and systems are isolated from each other – the very definition of halfway security.

Critical infrastructure industries continue to ignore the reality that millions of dollars are being spent on these halfway security measures, while breaches continue unabated and threat vectors rise. Current spending on regulatory compliance and network security too often misses a structural vulnerability: security is still imprisoned in corporate silos and needs to break free.

Three Recommendations

1. The Intelligent Enterprise Needs Intelligent Security

The altered and ever-changing threat landscape requires a mind-shift focusing on security convergence. Facing new and emerging threats requires intelligent platforms that can effectively converge applications and leverage big data, machine learning, and predictive analytics across OT, IT, and Physical Security environments.

2. The Unavoidable Human Side of Security

At the center of converged security are people, identity, and trust. Remote work and remote accessibility have skyrocketed during the pandemic, and the growing consensus is that the future of many businesses will include a significant remote workforce. But do you know who is handling your critical infrastructure operations?

Consider the worker who is able to log into enterprise utility or energy operational systems without legitimate access and without swiping their own access card, simply by tailgating and following someone into a building. Gaining access to OT systems without badge verification should trigger automated checks and alarms to alert security to investigate a physical breach – innocent or not. HR is a fundamental component of the solution in risk-ready enterprises and critical in effectively managing the workforce, performing as the authoritative source of truth for identity. A converged security technology platform, with a single view of cyber, physical, and operational parameters, delivers a unified and proactive threat response to a wide range of incidents – with real-time data connections across all critical enterprise applications.
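The badge-versus-login check described above, sketched as an added example (not AlertEnterprise code). The record layout, console-to-zone map, identities and 12-hour staleness window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

MAX_SHIFT = timedelta(hours=12)  # assumed: an older badge-in is treated as stale
CONSOLE_ZONE = {"hmi-01": "control-room", "hmi-02": "control-room"}  # hypothetical

# Constructed sample records, not real logs.
BADGE_EVENTS = [  # (time, identity, zone, direction)
    ("2024-03-04T07:58:10", "jdoe", "control-room", "IN"),
    ("2024-03-04T08:01:44", "asmith", "control-room", "IN"),
    ("2024-03-04T12:02:00", "asmith", "control-room", "OUT"),
]
OT_LOGINS = [  # (time, identity, console, session type)
    ("2024-03-04T08:05:00", "jdoe", "hmi-01", "local"),
    ("2024-03-04T08:10:12", "mlee", "hmi-02", "local"),    # never badged in
    ("2024-03-04T13:30:00", "asmith", "hmi-01", "local"),  # badged out at 12:02
    ("2024-03-04T13:45:00", "jdoe", "hmi-01", "remote"),
]

def uncorrelated_logins(badge_events, ot_logins):
    """Return local OT console logins with no valid badge-in to the console's zone."""
    # Merge both feeds into one timeline; badge events sort first on equal timestamps.
    timeline = [(datetime.fromisoformat(t), 0, who, where, what)
                for t, who, where, what in badge_events]
    timeline += [(datetime.fromisoformat(t), 1, who, where, what)
                 for t, who, where, what in ot_logins]
    timeline.sort()

    present = {}  # (identity, zone) -> time of the last badge-in
    alerts = []
    for ts, is_login, who, where, what in timeline:
        if not is_login:
            if what == "IN":
                present[(who, where)] = ts
            else:
                present.pop((who, where), None)
            continue
        if what != "local":
            continue  # remote sessions need their own control, not a badge check
        badged_in = present.get((who, CONSOLE_ZONE.get(where)))
        if badged_in is None:
            alerts.append((ts.isoformat(), who, where, "no badge-in on record"))
        elif ts - badged_in > MAX_SHIFT:
            alerts.append((ts.isoformat(), who, where, "badge-in is stale"))
    return alerts

if __name__ == "__main__":
    for alert in uncorrelated_logins(BADGE_EVENTS, OT_LOGINS):
        print(alert)
```

Each alert is a prompt for security to investigate, innocent or not; the identities in both feeds are assumed to resolve to the same HR-backed record.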

3. Insider Threat Protection 2.0

Unified security awareness and AI-powered situational intelligence offer a centralized view of complex threats across cyber, physical and operational domains, while automated workflows prioritize response based on risk and criticality. Real-time data turns into insights and action with AI identity intelligence, further consolidating information to correlate threats for informed decision making.

The Way Forward

In a September 2020 press release, Gartner predicted that by 2024, liability for cyber-physical security incidents will “pierce the corporate veil to personal liability” for 75% of CEOs. In response, “Regulators and governments will react promptly to an increase in serious incidents resulting from failure to secure the CPS, drastically increasing rules and regulations governing them,” said Katell Thielemann, research vice president at Gartner. “Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies.”

We’re living in unprecedented times. Attacks on asset-intensive environments such as critical infrastructure and healthcare will continue to rise as malicious actors create new ways to leverage potential vulnerabilities. From COVID-19 to cyberattacks, the threats are many and complex. As security and technology leaders, we are compelled to rise and meet the challenge. At AlertEnterprise we believe that only a converged approach, beyond IT-centric cybersecurity, is the way forward.

By Mark Weatherford
AlertEnterprise, CISO
