A common misconception about operational technology (OT) is that cyberattacks predominantly target IT systems, leaving physical infrastructure relatively secure. Recent attacks on utilities, pipelines and manufacturers show otherwise: criminal and state-sponsored actors are increasingly reaching OT environments, which control physical processes such as water treatment, fuel distribution and cargo handling.
The belief that OT is inherently safer because it is isolated or air-gapped is outdated as IT and OT converge. Remote-access tools, shared credentials and flat networks give OT systems the same exposure as IT systems, making them targets for both cybercriminals and state-sponsored attackers. The following five attacks on OT systems illustrate the scale of the threat and the consequences of weak controls in areas such as remote access and network segmentation.
- Colonial Pipeline Attack (2021)
In 2021, Colonial Pipeline was hit by ransomware after attackers logged in with a compromised password for a legacy VPN account that was still active and did not require multi-factor authentication (MFA). The OT systems were not directly compromised, but the company halted pipeline operations to keep the infection from spreading and because billing systems were affected. The shutdown caused fuel shortages across the U.S. East Coast, demonstrating how an IT weakness can indirectly cripple OT operations.
Key Lessons: Enforce MFA on every remote-access path, disable dormant VPN and remote accounts, and plan for how an IT compromise will affect the decision to keep physical operations running.
- Oldsmar Water Treatment Plant Breach (2021)
An attacker connected to the Oldsmar Water Treatment Plant through a remote-access tool (TeamViewer) and changed the sodium hydroxide setpoint from about 100 ppm to 11,100 ppm in real time. An operator watching the screen saw the change and reverted it immediately, averting a public health risk. The incident underscores the danger of internet-reachable remote-access tools in OT environments and of relying on a person happening to be at the console.
Key Lessons: Put remote access behind MFA and a controlled gateway, and add automated monitoring that alerts on setpoint changes outside engineering limits instead of depending on an operator noticing them.
- Maritime Transportation Facility Ransomware Attack (2019)
Ransomware delivered through a phishing email hit a U.S. maritime facility regulated under the Maritime Transportation Security Act, as reported by the U.S. Coast Guard in December 2019. The malware spread from the corporate network into systems that controlled cargo handling and monitored vessel movements, forcing a roughly 30-hour shutdown of operations. The case shows how flat networks let a commodity IT compromise stop physical logistics.
Key Lessons: Phishing-resistant authentication and network segmentation between IT and OT are essential to keep ransomware from spreading across both environments.
- Texas Water Utility Attack (2019)
Attackers reached a Texas water utility's SCADA systems using weak remote-access credentials. No damage resulted, but the incident emphasized the importance of securing remote access and strengthening authentication, especially in smaller utilities with limited security staff.
Key Lessons: Use strong, unique credentials with MFA and regularly audit who and what can reach OT systems remotely.
- San Francisco Water Treatment Attack (2021)
An intruder logged in to a water treatment facility in the San Francisco Bay Area using a former employee's credentials for a remote-access tool (TeamViewer) and deleted programs used to treat drinking water. Staff discovered the deletion the next day and restored the software, so no disruption to treatment occurred, but the attack showed the danger of credentials that outlive the people who held them.
Key Lessons: Revoke remote-access accounts when staff leave, protect remote-access tools with MFA, and enforce stricter authentication for systems that manage critical processes.
Conclusion: Key Lessons for Securing OT Systems
Three themes recur across these incidents and explain why OT systems are attractive targets:
- Weak Remote Access Security: Most of the attacks, including those on the water treatment facilities, used stolen, shared or stale credentials on remote-access tools that were reachable from the internet without MFA.
- IT/OT Convergence: Colonial Pipeline and the maritime facility show that a compromise of IT systems can halt OT operations even when the control systems themselves are never touched, which calls for a cybersecurity strategy that covers both.
- Real-Time Detection and Response: At Oldsmar an operator's quick reaction prevented harm, but that was luck rather than design; OT environments need automated monitoring that detects unexpected remote sessions and out-of-range control changes.
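The automated monitoring described above can be as simple as checking every setpoint write against engineering limits and the expected source network. The following is an added example written for this page, not code from any of the affected utilities or vendors: it parses constructed historian-style audit lines (the log format, tag names, limits and the 10.0.5.0/24 control network are all assumptions) and flags writes that leave the allowed range, jump too far in one step, or originate outside the control network. The Oldsmar-style line uses the publicly reported change from 100 ppm to 11,100 ppm.

```python
"""Setpoint-change monitor for dosing controllers (added example).

Audit line format is assumed, e.g.
  2021-02-05T13:30:00Z src=10.0.5.21 user=oper1 tag=NaOH_SP old=100 new=110 unit=ppm
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) tag=(?P<tag>\S+) "
    r"old=(?P<old>-?\d+(?:\.\d+)?) new=(?P<new>-?\d+(?:\.\d+)?) unit=(?P<unit>\S+)$"
)

# Hypothetical engineering limits per tag: (minimum, maximum, max fractional change per write).
LIMITS = {
    "NaOH_SP": (50.0, 200.0, 0.25),   # sodium hydroxide setpoint, ppm
    "Cl2_SP": (0.5, 4.0, 0.50),       # chlorine residual setpoint, ppm
}
CONTROL_NET = ipaddress.ip_network("10.0.5.0/24")  # assumed OT VLAN


@dataclass
class SetpointWrite:
    ts: str
    src: str
    user: str
    tag: str
    old: float
    new: float
    unit: str


def parse_line(line: str) -> Optional[SetpointWrite]:
    """Parse one audit line; return None if it does not match the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return SetpointWrite(d["ts"], d["src"], d["user"], d["tag"],
                         float(d["old"]), float(d["new"]), d["unit"])


def check_write(w: SetpointWrite) -> List[str]:
    """Return the list of rule violations for a write (empty list means clean)."""
    reasons = []
    lim = LIMITS.get(w.tag)
    if lim is None:
        reasons.append("unknown tag")
    else:
        lo, hi, max_frac = lim
        if not lo <= w.new <= hi:
            reasons.append(f"out of range [{lo}, {hi}]")
        # Rate-of-change rule: a single write that moves the setpoint by more
        # than max_frac of its previous value is suspicious even when in range.
        if w.old > 0 and abs(w.new - w.old) / w.old > max_frac:
            reasons.append(f"jump {w.old}->{w.new} exceeds {max_frac:.0%}")
    try:
        if ipaddress.ip_address(w.src) not in CONTROL_NET:
            reasons.append(f"write from outside control network ({w.src})")
    except ValueError:
        reasons.append(f"unparseable source address {w.src!r}")
    return reasons


def scan(lines: List[str]) -> List[Tuple[Optional[SetpointWrite], List[str]]]:
    """Run every line through the rules; unparseable non-empty lines are alerted too."""
    alerts = []
    for line in lines:
        w = parse_line(line)
        if w is None:
            if line.strip():
                alerts.append((None, ["unparseable audit line"]))
            continue
        reasons = check_write(w)
        if reasons:
            alerts.append((w, reasons))
    return alerts


# Constructed sample audit lines (not real plant data).
SAMPLE_LOG = [
    "2021-02-05T08:00:00Z src=10.0.5.21 user=oper1 tag=NaOH_SP old=100 new=110 unit=ppm",
    "2021-02-05T13:30:00Z src=203.0.113.7 user=admin tag=NaOH_SP old=100 new=11100 unit=ppm",
    "2021-02-05T14:05:00Z src=10.0.5.21 user=oper1 tag=Cl2_SP old=2.0 new=2.5 unit=ppm",
    "2021-02-05T15:10:00Z src=10.0.5.30 user=oper2 tag=pH_SP old=7 new=7.2 unit=pH",
]

if __name__ == "__main__":
    for write, reasons in scan(SAMPLE_LOG):
        label = f"{write.ts} {write.user}@{write.src} {write.tag}" if write else "<bad line>"
        print(f"ALERT {label}: " + "; ".join(reasons))
```

Running the block prints one alert for the Oldsmar-style write (out of range, excessive jump, external source) and one for the unknown tag, while the two routine operator writes stay silent. In a real deployment the limits would come from the plant's engineering documentation and the alert would go to the same place a remote-session alert does, so that a setpoint change coinciding with an unexpected remote login is treated as an incident rather than a tuning event.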
To protect critical infrastructure, organizations must prioritize network segmentation, strengthen authentication, and invest in real-time monitoring and response mechanisms. As IT and OT systems become more interconnected, a comprehensive approach to cybersecurity is more critical than ever to safeguard the physical processes that our modern society depends on.