denbesten
Community Champion

Water System Hacked

 

A hacker gained access into the water treatment system of Oldsmar, Florida, on Friday and tried to increase the levels of sodium hydroxide -- commonly referred to as lye -- in the city's water, officials said, putting thousands at risk of being poisoned.

https://www.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html

This is a successful incident response story.  The duty-operator immediately noticed the attack, watched the level be changed and immediately restored it to the proper level.  They then disabled their remote access system and noted that there were additional "downstream" monitors that would have triggered had their first level control (the operator) failed.

 
So kudos for Detect and Respond, but Protect does seem to have room for improvement (e.g. MFA and isolation) that will become evident in the lessons-learned phase.
 
 
2 Replies
denbesten
Community Champion

Turns out their "remote access solution" was TeamViewer, which notoriously does not play nice with corporate security (e.g. no SAML nor MFA in their standard package).

 

 

AndreaMoore
Community Manager