Incident: Cyberattack on Florida Water Treatment Plant via Remote Access Software

Published Date: 2021-02-08

Postmortem Analysis
Timeline
1. The software failure incident at the water treatment plant in Oldsmar, Florida, happened on February 5, 2021 [110684, 111090].
2. The incident occurred on February 5, 2021.

System
1. TeamViewer remote access software [111095, 110753, 110684]
2. Windows 7 operating system [111095, 111089]
3. Remote access software used by the water treatment facility [110684]
4. Shared password for remote access [111120]
5. Lack of multi-factor authentication [111090]

Responsible Organization
1. A hacker gained access to the water treatment plant in Oldsmar, Florida, and attempted to poison the water supply [Article 110684].
2. The hacker remotely accessed the system using dormant remote access software, TeamViewer [Article 111090].
3. The incident was caught by a human operator at the facility [Article 111090].

Impacted Organization
1. Water treatment plant in Oldsmar, Florida [110708, 111095, 111144, 111089, 110753, 111120]
2. Critical infrastructure systems in the United States [110684, 111120]
3. Public water suppliers [111090]

Software Causes
1. The hackers gained access to the water treatment facility in Oldsmar, Florida, by exploiting an outdated version of Windows and weak network security [Article 111095].
2. The hackers remotely accessed the system controlling the water treatment plant using the remote access software TeamViewer, which had been dormant for months [Article 110734].
3. The hacker attempted to poison the water supply by manipulating the levels of sodium hydroxide through the TeamViewer software [Article 110684].
4. The water treatment plant had multiple computers running an aging version of Microsoft Windows that shared a single password to access the remote management software [Article 111090].

Non-software Causes
1. Lack of proper cybersecurity measures and weak password security: the FBI memo highlighted poor password security and the use of an outdated Windows 7 operating system as contributing factors to the breach [Article 111095].
2. Insecure remote access systems: the water treatment facility used a remote access program that had been dormant for months, allowing the hacker to gain unauthorized access [Article 110734].
3. Lack of network segregation: the operational technology network controlling physical equipment was externally accessible and connected to the internet, making it vulnerable to attacks [Article 110684].
4. Shared accounts and lack of multi-factor authentication: the water treatment plant had multiple computers sharing a single password for remote access, without proper authentication measures [Article 111090].

Impacts
1. The hacker attempted to poison the water supply by increasing the level of sodium hydroxide from 100 parts per million to 11,100 parts per million at a water treatment facility in Oldsmar, Florida. Fortunately, the change was quickly reversed by an operator, and the public was not in immediate danger [Article 110684].
2. The incident highlighted vulnerabilities in critical infrastructure systems, particularly water treatment facilities, due to the use of remote access software and the lack of proper cybersecurity measures [Article 111120].
3. The hack exposed the risks of insecure remote work software: the water treatment facility had used outdated software and shared passwords, making it susceptible to hacking attempts [Article 111090].
4. The incident raised concerns about the security of critical infrastructure systems, especially as more systems become computerized and accessible via the internet, posing a risk of cyberattacks on essential services [Article 111090].
5. The hack underscored the need for stronger authentication measures and enhanced cybersecurity protocols for critical infrastructure systems to prevent similar incidents in the future [Article 111090].

Preventions
1. Strong authentication measures, such as multi-factor authentication, could have prevented unauthorized access to the water treatment facility's control systems [111090].
2. Implementing Virtual Private Network (VPN) technology so that the systems are not directly exposed to the internet could have enhanced security [111090].
3. Avoiding shared accounts and ensuring each user has unique credentials would have reduced the risk of unauthorized access [111090].
4. Segregating IT and OT networks and limiting connections from operational technology systems to the internet could have prevented external access to critical infrastructure systems [111120].
5. Upgrading outdated software systems, such as moving away from Windows 7, and implementing stronger protections against cyber threats could have enhanced the security of the water treatment facility [111095, 111089].

Fixes
1. Implement strong authentication measures for remote access systems used in critical infrastructure facilities to prevent unauthorized access [Article 111090].
2. Upgrade outdated software systems, such as Windows 7, so that they are supported with security updates and patches [Article 111095].
3. Segregate IT and OT networks to enhance security and limit connections from operational technology systems to the internet [Article 111120].
4. Use multi-factor authentication and Virtual Private Network (VPN) technology to secure remote access systems and prevent direct exposure to the internet [Article 111090].
5. Conduct regular security audits and updates to protect critical infrastructure systems from cyberattacks [Article 111090].
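The Preventions and Fixes above all act at the access layer; a complementary control is to check each setpoint write at the control layer, so that a change like the 100 ppm to 11,100 ppm sodium hydroxide jump is flagged regardless of whether an operator happens to be watching the screen. The following Python check is an added example, not code from the page or from the Oldsmar plant; the tag name, engineering limits, account names, log format and log lines are all constructed assumptions.

```python
"""Bounds and provenance checks on chemical setpoint writes.

Added example: the limits, account names, tag name and log lines below are
constructed for illustration and are not taken from the incident reports.
The point is that an out-of-range NaOH setpoint (such as the 100 ppm ->
11,100 ppm change described in the incident) should be caught by the
control layer itself, independent of a human noticing the cursor move.
"""
from dataclasses import dataclass
from typing import Dict, List

# Engineering limits per tag (assumed values, not from the page).
LIMITS: Dict[str, dict] = {
    "NAOH_DOSE_SETPOINT_PPM": {"min": 50.0, "max": 200.0, "max_step": 25.0},
}

# Generic accounts that several people share (assumed names).
SHARED_ACCOUNTS = {"operator", "admin", "teamviewer"}


@dataclass
class SetpointWrite:
    ts: str
    source: str      # "local_hmi" or "remote_session" (assumed labels)
    user: str
    tag: str
    old: float
    new: float


def parse_line(line: str) -> SetpointWrite:
    """Parse one constructed log line of the form ts|source|user|tag|old|new."""
    ts, source, user, tag, old, new = line.strip().split("|")
    return SetpointWrite(ts, source, user, tag, float(old), float(new))


def check_write(w: SetpointWrite) -> List[str]:
    """Return finding codes for one setpoint write (empty list means clean)."""
    findings: List[str] = []
    lim = LIMITS.get(w.tag)
    if lim is None:
        return ["UNKNOWN_TAG"]

    def in_range(v: float) -> bool:
        return lim["min"] <= v <= lim["max"]

    if not in_range(w.new):
        # The new value itself is outside engineering limits.
        findings.append("OUT_OF_RANGE")
    elif in_range(w.old) and abs(w.new - w.old) > lim["max_step"]:
        # In range, but a larger jump than normal operation needs.
        # A write that returns an out-of-range value to range is treated
        # as corrective and is not flagged here.
        findings.append("LARGE_STEP")
    # A write from outside the control room deserves review regardless of value.
    if w.source == "remote_session":
        findings.append("REMOTE_SESSION_WRITE")
    # Shared accounts defeat attribution; the page names this as a root cause.
    if w.user in SHARED_ACCOUNTS:
        findings.append("SHARED_ACCOUNT")
    return findings


def analyze(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged write's timestamp to its findings; clean writes are omitted."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        w = parse_line(line)
        f = check_write(w)
        if f:
            report[w.ts] = f
    return report


# Constructed sample log: a routine local tweak, the remote out-of-range write,
# and the operator's local reversal. Times of day are invented.
SAMPLE_LOG = [
    "2021-02-05T08:00:00|local_hmi|jsmith|NAOH_DOSE_SETPOINT_PPM|100|105",
    "2021-02-05T13:30:00|remote_session|operator|NAOH_DOSE_SETPOINT_PPM|100|11100",
    "2021-02-05T13:34:00|local_hmi|jsmith|NAOH_DOSE_SETPOINT_PPM|11100|100",
]

if __name__ == "__main__":
    for ts, f in analyze(SAMPLE_LOG).items():
        print(ts, ", ".join(f))
```

Only the remote write is reported, with all three findings; the operator's reversal is treated as corrective because it returns the setpoint to range.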
References
1. Pinellas County Sheriff Bob Gualtieri [Article 111090, Article 110684]
2. Massachusetts government advisory [Article 111090, Article 110684]
3. TeamViewer spokesperson Martina Dier [Article 111090]
4. Damon Small, Technical Director of Security Consulting at NCC Group North America [Article 111090, Article 110684]
5. Eric Cole, former CIA cybersecurity expert [Article 111090]
6. Various cybersecurity experts and analysts [Article 111090]

Software Taxonomy of Faults

Each category below lists the selected option(s) followed by the rationale.

Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- The incident at the water treatment facility in Oldsmar, Florida, where hackers attempted to poison the water supply by manipulating the levels of sodium hydroxide, was caught by a human operator at the facility, preventing harm to the public [Article 111090].
- The incident highlighted the vulnerability of critical infrastructure systems due to insecure remote work software, as the hackers gained access to the facility using dormant remote access software [Article 111090].
(b) The software failure incident having happened again at multiple_organization:
- The incident at the water treatment facility in Oldsmar, Florida, is not unique, as cybersecurity experts have seen incidents where hackers accessed software applications that control physical equipment and attempted to manipulate them [Article 110684].
- The incident at the water treatment facility in Oldsmar, Florida, is part of a broader trend in which critical infrastructure systems like water treatment plants are vulnerable to cyberattacks, especially due to budget cuts and remote work scenarios during the Covid-19 pandemic [Article 110684].

Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident occurring due to the development phases:
- The incident at the Florida water treatment facility was a result of hackers gaining access to the system through dormant remote access software, TeamViewer, that was still on the system despite not being actively used for about six months [Article 111095].
- The hackers exploited cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system, to compromise the software used to remotely manage water treatment [Article 111095].
- The hackers remotely accessed the water treatment plant's computer system because the facility was using an outdated version of Windows and had weak network security [Article 111095].
- The incident highlighted the vulnerability of critical infrastructure systems to cyberattacks, especially when systems become more computerized and accessible via the internet [Article 110684].
(b) The software failure incident occurring due to the operation phases:
- The plant operator at the water treatment facility noticed the unusual activity on the computer system, where the hacker was manipulating the controls to change the levels of sodium hydroxide in the water supply [Article 110684].
- The operator quickly spotted the intrusion and reversed the changes made by the hacker, preventing the contaminated water from reaching the city's population [Article 110684].
- The incident underscored the importance of human operators in catching and mitigating cyber intrusions in critical infrastructure systems [Article 110684].
- The incident highlighted the potential risks associated with insecure remote work software and the need for strong authentication and security measures when critical infrastructures use remote access systems [Article 111090].

Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) The software failure incident at the Florida water treatment facility in Oldsmar was primarily due to contributing factors that originated from within the system. The incident involved hackers gaining access to the facility's computer system using remote access software, such as TeamViewer, that was shared by plant workers [Article 111095]. The hacker remotely accessed the system and attempted to change the levels of sodium hydroxide in the water supply, which could have been dangerous if not caught in time by the plant operator [Article 111122]. The incident highlighted vulnerabilities in the system, including the use of outdated software like Windows 7 and poor password security, which allowed the hacker to compromise the software used to remotely manage water treatment [Article 111095]. Additionally, the incident underscored the importance of securing remote access systems and implementing strong authentication measures to prevent unauthorized access [Article 111090].
(b) The software failure incident at the Florida water treatment facility in Oldsmar also involved contributing factors that originated from outside the system. The hackers who attempted to poison the water supply gained access to the facility's computer system remotely, indicating an external source of the breach [Article 110684]. The incident highlighted the risks associated with insecure remote work software, which can be a major source of weakness for hacking and can leave systems vulnerable to targeted attacks [Article 111090]. The hackers exploited the remote access software used by the facility, which was accessible from the internet, emphasizing the need for strong security measures to protect critical infrastructure systems from external threats [Article 111120].

Nature (Human/Non-human)
Option: human_actions
Rationale:
(a) In the software failure incident at the water treatment plant in Oldsmar, Florida, the hack was initiated by a hacker remotely accessing the system using dormant remote access software, TeamViewer. The hacker attempted to poison the water supply by increasing the levels of sodium hydroxide to dangerous levels. The incident was quickly caught by a human operator at the facility, preventing harm to the public [110684, 111090].
(b) The human actions contributing to the software failure incident included the use of insecure remote work software and shared passwords at the water treatment facility. The plant had multiple computers running an aging version of Windows with shared passwords to access the remote management software. These vulnerabilities allowed the hacker to gain access to the control systems and attempt to poison the water supply [111090].

Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident occurring due to hardware:
- The incident at the Florida water treatment facility was due to a hacker gaining access to the system through remote access software, such as TeamViewer, which was externally accessible (Article 111120).
- The plant's operational technology systems were externally accessible, and evidence points to the attacker accessing them from the internet (Article 110684).
- The incident highlighted the vulnerability of critical infrastructure systems like water treatment plants, which are often digitally vulnerable due to budget constraints and remote work scenarios (Article 110684).
(b) The software failure incident occurring due to software:
- The hack at the water treatment facility was facilitated by the use of outdated software, such as Windows 7, which had not been updated in a year, and by poor password security (Article 111095).
- The hackers gained access to the water facility's control systems through remote access software, like TeamViewer, which had been dormant for months, indicating a weakness in the software (Article 111090).
- The incident underscored the vulnerabilities of insecure remote work software, which allowed the hacker to gain access to the system controlling the water treatment plant (Article 111090).

Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident at the water treatment plant in Oldsmar, Florida, was malicious in nature. Hackers remotely accessed the plant's computer system using remote access software and attempted to poison the water supply by increasing the levels of sodium hydroxide to dangerous levels [Article 110684]. The incident was caught by a human operator at the facility, preventing harm to the public [Article 111090].
(b) The software failure incident was non-malicious in the sense that the plant operator initially dismissed the unusual activity on the computer, assuming it was a supervisor accessing the system remotely as part of routine monitoring [Article 110684]. Additionally, the incident was quickly detected and reversed by the operator, indicating that there was no intent to harm the system [Article 111090].

Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident:
- The incident at the Florida water treatment facility involved hackers gaining access to the system and attempting to poison the water supply by increasing the levels of sodium hydroxide to dangerous levels [Article 110684].
- The hackers remotely accessed the system using dormant remote access software and tried to change the water supply's levels of sodium hydroxide, indicating a deliberate attempt to sabotage the system [Article 111090].
- The attack was caught by a human operator at the facility, and the incident highlights the potential vulnerability of critical infrastructure due to insecure remote work software [Article 111090].
(b) The intent of the software failure incident:
- The incident at the Florida water treatment facility was not intentional but rather a result of a hacker gaining access to the system and attempting to poison the water supply [Article 110684].
- The hackers gained access to the water facility's control systems through remote access software and attempted to change the water supply's levels of sodium hydroxide, indicating an unintended consequence of the system's vulnerabilities [Article 111090].
- The rise of remote work due to the pandemic has left workers more vulnerable to targeted attacks, leading to potential security breaches in critical infrastructure systems like water treatment plants [Article 111090].

Capability (Incompetence/Accidental)
Option: development_incompetence
Rationale:
(a) The software failure incident occurring due to development_incompetence:
- The incident at the Florida water treatment facility was due to the use of insecure remote access software, such as TeamViewer, which was not properly secured and had vulnerabilities that allowed hackers to gain unauthorized access [Article 111090].
- The water treatment plant in Oldsmar, Florida, had multiple computers running an outdated version of Windows and shared a single password for remote access, indicating a lack of professional competence in securing the systems [Article 111090].
- The incident highlighted the vulnerability of critical infrastructure systems like water treatment plants due to inadequate security measures and the use of outdated software, showing a lack of professional competence in ensuring cybersecurity [Article 111090].
(b) The software failure incident occurring due to accidental:
- The incident at the water treatment facility in Oldsmar, Florida, where hackers attempted to poison the water supply, was caught by a human operator who noticed the unauthorized changes and quickly reversed them, preventing harm to the public [Article 110684].
- The hack at the water treatment plant was described as an attempt at active sabotage of critical infrastructure systems, but the quick detection and intervention by the operator prevented any significant adverse effects on the water supply [Article 111122].
- The incident highlighted the potential risks associated with insecure remote work software and the accidental vulnerabilities introduced by the use of such systems in critical infrastructure facilities [Article 111090].

Duration
Option: temporary
Rationale: From the articles, the software failure incident at the water treatment plant in Oldsmar, Florida, can be classified as a temporary failure. The incident occurred on February 5 when hackers gained access to the plant's system and attempted to poison the water supply by changing the levels of sodium hydroxide. The intrusion was quickly detected by a plant operator who noticed the unauthorized changes and promptly reversed them, preventing any harm to the public [Article 111090]. The incident lasted for a brief period, with the hacker being active for three to five minutes before the operator intervened and restored the proper chemical mix. The hacker's attempt to manipulate the system was thwarted within minutes, indicating a temporary disruption rather than a permanent failure [Article 110684].

Behaviour
Option: other
Rationale:
(a) crash: The incident at the water treatment plant in Oldsmar, Florida, involved a potential crash scenario where the hacker remotely accessed the system and attempted to change the levels of sodium hydroxide in the water supply. The system operator quickly intervened to reverse the changes, preventing any harm to the public [Article 110684].
(b) omission: The incident at the water treatment plant in Oldsmar, Florida, could have led to an omission scenario where the system failed to perform its intended function of maintaining safe levels of chemicals in the water supply. However, the operator caught the intrusion and corrected the levels before any harm occurred [Article 111090].
(c) timing: The timing of the incident at the water treatment plant in Oldsmar, Florida, was crucial. The hacker attempted to change the levels of sodium hydroxide in the water supply, but the operator detected and corrected the issue in time to prevent any adverse effects on the water being treated [Article 110684].
(d) value: The incident at the water treatment plant in Oldsmar, Florida, could have led to a value scenario where the system performed its intended function incorrectly by allowing dangerous levels of sodium hydroxide to be introduced into the water supply. However, the operator's quick response prevented any harm [Article 111090].
(e) byzantine: The incident at the water treatment plant in Oldsmar, Florida, did not exhibit byzantine behavior, where the system behaves erroneously with inconsistent responses and interactions. The hacker's actions were detected and corrected promptly by the operator, preventing any adverse consequences [Article 110684].
(f) other: The incident at the water treatment plant in Oldsmar, Florida, involved a security breach in which a hacker gained unauthorized access to the system and attempted to manipulate the levels of chemicals in the water supply. The system operator's intervention prevented any harm, highlighting the vulnerability of critical infrastructure systems to cyberattacks [Article 111090].

IoT System Layer

Each layer below lists the selected option(s) followed by the rationale.

Perception
Option: processing_unit, embedded_software
Rationale:
(a) sensor: The incident at the water treatment facility in Oldsmar, Florida, involved a hacker remotely accessing the system and attempting to change the levels of sodium hydroxide in the water supply. The changes were noticed by a plant operator who saw the cursor moving on its own and adjusting the chemical levels. The anomaly was detected by the human operator, indicating that the failure was not directly related to a sensor error but rather to unauthorized access and manipulation of the system [110684].
(b) actuator: The incident at the water treatment facility in Oldsmar, Florida, involved a hacker gaining access to the system and attempting to change the levels of sodium hydroxide in the water supply. The changes were made by the hacker manipulating the controls through remote access software. An actuator error was not explicitly mentioned as a contributing factor in the failure incident [110684].
(c) processing_unit: The cyberattack on the water treatment facility in Oldsmar, Florida, involved a hacker remotely accessing the system and attempting to change the levels of sodium hydroxide in the water supply. The hacker manipulated the controls through remote access software, indicating that the processing unit was compromised. The incident highlighted vulnerabilities in the system's remote access capabilities and potential weaknesses in the processing unit's security [110684].
(d) network_communication: The cyberattack on the water treatment facility in Oldsmar, Florida, involved a hacker gaining access to the system through remote access software. The hacker attempted to change the levels of sodium hydroxide in the water supply by manipulating the controls remotely. The incident raised concerns about the security of network communication and the potential risks associated with external access to critical infrastructure systems [110684].
(e) embedded_software: The incident at the water treatment facility in Oldsmar, Florida, involved a hacker gaining unauthorized access to the system and attempting to change the levels of sodium hydroxide in the water supply. The hacker manipulated the controls through remote access software, indicating potential vulnerabilities in the embedded software used in the system. The incident underscored the importance of securing embedded software in critical infrastructure systems to prevent unauthorized access and manipulation [110684].

Communication
Option: connectivity_level
Rationale:
(a) The failure was related to the communication layer of the cyber physical system that failed:
- The incident at the Florida water treatment facility involved hackers gaining access to the system through remote access software, such as TeamViewer, to manipulate the controls of the water treatment plant [Article 110684].
- The hackers attempted to poison the water supply by changing the levels of sodium hydroxide, a chemical used in water treatment, through remote access to the plant's systems [Article 111090].
- The incident highlighted the vulnerability of critical infrastructure systems like water treatment plants to cyberattacks due to insecure remote work software and potential weaknesses in the communication layer of the systems [Article 111090].
(b) The failure was related to the communication layer of the cyber physical system that failed:
- The incident involved the hackers gaining access to the water treatment facility's control systems through remote access software, indicating potential vulnerabilities at the network or transport layer of the system [Article 111090].
- The use of remote access software like TeamViewer, which was accessed by the hackers, suggests a potential weakness at the network or transport layer of the system that allowed unauthorized access to critical infrastructure systems [Article 110684].
- The incident underscored the need for strong authentication and security measures when using remote access systems to prevent unauthorized access to critical infrastructure systems [Article 111090].

Application
Option: TRUE
Rationale: The software failure incident related to the application layer of the cyber physical system that failed, under the definition provided, is the hacking attempt on the water treatment plant in Oldsmar, Florida. The relevant information from the articles:
1. The incident involved hackers gaining access to the water treatment plant's control systems through remote access software known as TeamViewer. The hackers remotely accessed the system and attempted to change the levels of sodium hydroxide in the water supply, which could have had severe consequences ([Article 111090], [Article 111120]).
2. The hackers compromised the water treatment plant's TeamViewer software to gain remote access to the target computer, and network logs confirmed the operator's mouse takeover story. The hacker accessed the system controls and attempted to change the water supply's levels of sodium hydroxide ([Article 110684]).
3. The incident highlighted the vulnerability of critical infrastructure systems like water treatment plants to cyberattacks due to insecure remote work software and lack of proper security measures. The attack was aimed at actively sabotaging the systems that control a US city's critical infrastructure ([Article 111120]).
Therefore, based on the information provided in the articles, the failure in the Oldsmar water treatment plant incident was related to the application layer of the cyber physical system, because the hacking attempt involved unauthorized access to and manipulation of the system controls.

Other Details

Each category below lists the selected option(s) followed by the rationale.

Consequence
Option: non-human, theoretical_consequence
Rationale:
(a) death: People lost their lives due to the software failure. No deaths were reported due to the software failure incident. [110684, 111090]
(b) harm: People were physically harmed due to the software failure. The incident did not result in physical harm to individuals, as the operator quickly intervened to reverse the changes. [110684, 111090]
(c) basic: People's access to food or shelter was impacted because of the software failure. The incident did not impact people's access to food or shelter. [110684, 111090]
(d) property: People's material goods, money, or data were impacted due to the software failure. There was no mention of people's material goods, money, or data being impacted by the software failure incident. [110684, 111090]
(e) delay: People had to postpone an activity due to the software failure. The incident did not lead to any reported delays in activities. [110684, 111090]
(f) non-human: Non-human entities were impacted due to the software failure. The incident involved an attempt to poison the water supply by manipulating the levels of sodium hydroxide, impacting the water treatment system. [110684, 111090]
(g) no_consequence: There were no real observed consequences of the software failure. The incident did not result in any real observed consequences, as the operator was able to quickly reverse the changes. [110684, 111090]
(h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur. The incident had the potential to cause harm if the changes had not been reversed, but due to quick intervention, no significant adverse effects occurred. [110684, 111090]
(i) other: Were there consequences of the software failure not described in options (a) to (h)? No other consequences were reported in the articles related to the software failure incident.

Domain
Option: utilities
Rationale:
(a) The failed system was intended to support the utilities industry, specifically the water treatment plant in Oldsmar, Florida. The system was targeted by hackers who attempted to poison the water supply by manipulating the levels of sodium hydroxide [110708, 111095, 111144, 111089, 111113, 110734, 110875, 110753, 111120].
(g) The incident was related to the utilities industry, specifically the water treatment facility in Oldsmar, Florida, which was targeted by hackers attempting to poison the water supply by changing the levels of sodium hydroxide [110684, 111122, 111120].
(m) The failed system was related to the utilities industry, specifically the water treatment plant in Oldsmar, Florida, which was targeted by hackers attempting to manipulate the water supply by changing the levels of sodium hydroxide [111090].
