In January 2021, a hacker accessed the digital infrastructure controlling the water supply for Oldsmar, a Florida city of 15,000 people. The bad actor attempted to manipulate the city’s water supply, exploiting a vulnerability in the company’s IT-grade remote access software to alter levels of sodium hydroxide in the water supply, raising its concentration to dangerous levels. Thankfully, an employee noticed the unusual activity on his computer screen, thwarting the attack before it put people at risk.
The incident is emblematic of a shifting threat landscape for utility companies that have maintained operational continuity throughout the pandemic by embracing remote or hybrid work arrangements. Forced to rapidly respond to a once-in-a-generation pandemic, utilities deployed an ad hoc approach to remote operations, using extra IT remote control software licenses for accessing their critical systems.
However, as remote work becomes a permanent fixture rather than a reactionary trend, utilities must implement a secure and manageable remote operations platform including strong multi-factor authentication (MFA), OT protocol isolation, and user-to-asset connection logging, monitoring, and recording. For leaders looking to develop this capacity, here are three must-have components of any effective solution.