The attack on the water treatment system in the small town of Oldsmar, Fla., lacked technical sophistication, showed no insider knowledge of the system, and had all the hallmarks of a hacker joyride through a critical system.
Yet the fact that an unsophisticated attacker compromised a system, changed the chemical mix for treating the water, and could have potentially harmed people will likely have a ripple effect and attract more attackers to test the cybersecurity of municipal water systems, says Padraic O’Reilly, co-founder and chief of product for CyberSaint, an IT risk management firm.
“We don’t care whether it is a joy ride or not because now people know it’s possible,” he says. “It does not matter whether it’s a nation-state, because that is just guessing at this point. But what you are signaling to bad actors is that this is possible and maybe too easy to do.”
Cyberattackers tend to go where there are demonstrated vulnerabilities, researchers…