The recent ransomware attack on Colonial Pipeline highlights the importance of cybersecurity in critical infrastructure. Following the infection, Colonial shut down pipeline operations; that pipeline supplies approximately 45 per cent of the fuel consumed on the US East Coast. This comes as the municipal water facility in Oldsmar, FL is recovering from a breach in which an attacker attempted to raise the sodium hydroxide (lye) level in the water being treated to a concentration that could have harmed residents. Although the details of the Colonial breach are not yet fully known, the Oldsmar breach occurred because of weak access controls and the use of insecure remote access software.

Key takeaways:

  1. The Oldsmar breach was thwarted because a water utility operator noticed the sodium hydroxide setpoint being changed in the utility's control system. The question is: how well are utilities proactively monitoring their OT environments for cybersecurity events? Luck should not be a factor in identifying changes that could lead to harm.
  2. It is imperative that utilities continue to improve IT/OT convergence, or at a minimum ensure that corporate IT and engineering (OT) teams work together on security.
  3. Systems must be monitored with detection use cases that span both the IT and OT networks. Many breaches begin in the organization's corporate IT network and move laterally into the OT network and the control systems it hosts.
  4. Oldsmar permitted remote access to its control system without appropriate user authentication and authorization controls. Organizations should ensure strong processes over privileged access, including multi-factor authentication, strong and unique passwords, control of privileged user activity, and proper logging and review of that activity.
  5. Be prepared, and don't look only at IT systems: make sure OT is part of the plan. If you had to shut down your operations, what would that look like? Who would be involved? How would you communicate the shutdown? Have you tested it?
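As an added example (not part of the original commentary and not code from any utility or vendor), the following Python script shows the kind of monitoring rule takeaways 1 and 3 call for: it reads control-system setpoint-change events and flags changes that land outside a safe operating band, that are an implausibly large step, that arrive over a remote session, or that occur outside an approved change window. The log format, tag name, safe range, change window and sample events are all constructed for illustration; the second sample event is loosely modeled on the publicly reported Oldsmar change from 100 ppm to 11,100 ppm. Real thresholds must come from the plant's process engineers.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Tuple

# Hypothetical safe operating band per tag (ppm); the real limits are set by process engineering.
SAFE_RANGES = {"NaOH_setpoint_ppm": (50.0, 200.0)}
# Hypothetical approved change window, 08:00-17:00 plant local time.
WINDOW_START, WINDOW_END = time(8, 0), time(17, 0)
# A step larger than this fraction of the previous value is treated as anomalous (1.0 = 100%).
MAX_STEP_FRACTION = 1.0


@dataclass
class ChangeEvent:
    ts: datetime
    tag: str
    old: float
    new: float
    user: str
    session: str  # "local_hmi" or "remote" in this constructed format


def parse_line(line: str) -> ChangeEvent:
    """Parse one line of the constructed 'ISO-timestamp key=value ...' change log."""
    ts_text, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return ChangeEvent(
        ts=datetime.fromisoformat(ts_text),
        tag=kv["tag"],
        old=float(kv["old"]),
        new=float(kv["new"]),
        user=kv["user"],
        session=kv["session"],
    )


def evaluate(ev: ChangeEvent) -> List[Tuple[str, str]]:
    """Return (severity, reason) findings for a single setpoint change; empty list if benign."""
    findings: List[Tuple[str, str]] = []
    lo, hi = SAFE_RANGES.get(ev.tag, (float("-inf"), float("inf")))
    # 1. The new value itself is unsafe regardless of who made the change.
    if not lo <= ev.new <= hi:
        findings.append(("critical", f"{ev.tag}={ev.new} outside safe range {lo}-{hi}"))
    # 2. The size of the step is implausible for normal operation.
    if ev.old != 0 and abs(ev.new - ev.old) / abs(ev.old) > MAX_STEP_FRACTION:
        findings.append(("high", f"step from {ev.old} to {ev.new} exceeds {MAX_STEP_FRACTION:.0%}"))
    # 3. Changes over remote-access sessions deserve review even when in range.
    if ev.session == "remote":
        findings.append(("medium", f"change by {ev.user} over remote session"))
    # 4. Changes outside the approved window are unexpected.
    if not WINDOW_START <= ev.ts.time() <= WINDOW_END:
        findings.append(("low", f"change at {ev.ts.time()} outside approved window"))
    return findings


# Constructed sample events; not real log data from any facility.
SAMPLE_LOG = [
    "2021-02-05T08:05:00 tag=NaOH_setpoint_ppm old=100 new=110 user=operator1 session=local_hmi",
    "2021-02-05T13:00:00 tag=NaOH_setpoint_ppm old=100 new=11100 user=operator1 session=remote",
    "2021-02-05T22:30:00 tag=NaOH_setpoint_ppm old=110 new=120 user=operator2 session=remote",
]


def scan(lines: List[str]) -> Dict[int, List[Tuple[str, str]]]:
    """Evaluate every line; return {line_index: findings} for lines that produced findings."""
    results: Dict[int, List[Tuple[str, str]]] = {}
    for i, line in enumerate(lines):
        findings = evaluate(parse_line(line))
        if findings:
            results[i] = findings
    return results


if __name__ == "__main__":
    for i, findings in scan(SAMPLE_LOG).items():
        for severity, reason in findings:
            print(f"line {i}: [{severity}] {reason}")
```

Run against the sample events, the first (a small, local, in-hours change) produces nothing, the second fires the critical, high and medium rules at once, and the third fires only because it is remote and after hours. The point of layering the rules is that the out-of-range check alone would have caught Oldsmar, but the remote-session and change-window checks surface the quieter reconnaissance-style changes that precede a harmful one, so the alert does not depend on an operator happening to watch the screen.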


Peter Morin
National Cybersecurity Leader, Grant Thornton LLP