By Chris Riotta
Aug 03, 2021
When hackers exploited an outdated version of Windows in an apparent attempt to poison the water supply in Oldsmar, Fla., ThreatLocker co-founder and CEO Danny Jenkins said he wasn't just alarmed that the attackers had gained remote access to the plant's TeamViewer software to jack up levels of sodium hydroxide to a lethal dosage. It more concerning to the cybersecurity executive that a single operator could tamper with the chemical levels -- regardless of whether that person was a hacker or utility employee.
The legacy infrastructure common in local water treatment plants lacks even the most basic cybersecurity controls. "Why was an operator, a single person, able to turn a dial that could poison the water?" Jenkins said in a recent interview. "Water companies tend to live in the past because their technologies live in the past … Regardless of the IT parts of this and the controls we put in place, the limitations need to be put in place as well."