Skip to content

Discerning Data

  • About Us
  • Additional Resources
  • Contact Us

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

  • Privacy
  • Cybersecurity
  • Data Strategy

Disruptionware V: Malicious Cyber Actors Attack a Florida Water Treatment Facility

Share

We have posted four previous articles discussing the foundation and structure of what a disruptionware attack is, how their attack matrix works, possible defenses to disruptionware attacks and industries that are very susceptible to these attacks. Disruptionware has proven over the last year that it is a growing and dangerous cyber threat to our data, our businesses and possibly our lives.

Disruptionware attacks typically involve ransomware and they aim to encrypt and hold the victim’s data hostage. Such attacks are usually financially motivated, and, to date, there have fortunately been only a few known examples where the disruptionware attack has resulted in threats to health and safety or caused loss of life. When such significant collateral damage has occurred, it typically appears to have been inadvertently caused.

A recent cyberattack on a Florida water treatment plant, which has been widely reported in the media, provides a disturbing example of a probable disruptionware attack in which the malicious actors appear to have intended to use their attack to cause physical harm and, notionally, significant loss of life. Based on publicly-available information, it appears that the individual or individuals who engineered the attack on the Florida water treatment facility sought to poison the plant’s water supply, which could have led to serious health repercussions and possibly death for numerous people. To the extent these types of attacks – that is, those intended to cause physical harm or death, as opposed to financial harm – become more commonplace, it would represent a serious evolution to the disruptionware threat landscape.

While the threat actors who attacked the Florida water plant apparently did not attempt to lock up or destroy the plant’s networks – as is typically the case in “traditional” disruptionware attacks – there is no doubt that the attacker here intentionally penetrated the plant’s critical Operational Technology (OT) network in order to gain remote access to and control over the plant’s industrial control system network in order to launch their attack. Such an attack is especially dangerous because it compromises the physical infrastructure of the victim, which, in a worst-case scenario, can result in injuries or loss of life.

The recent critical infrastructure attack is yet another reminder that any business or entity can be targeted by cyber attackers, and companies should make every effort to protect their own critical assets. Disruptionware is already a serious issue for companies, and, as the Florida water treatment attack shows, it is an evolving and increasingly dangerous threat landscape. Companies should be proactive and protect themselves from being victimized by similar critical cyber-attacks.

Jason G. Weiss

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics professional with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

Subscribe and Receive Alerts to New Articles

SUBSCRIBE
February 17, 2021
Written by: Jason G. Weiss
Category: Cybersecurity, Privacy
Tags: cyberattack, disruptionware

Post navigation

Previous Previous post: Fifth Circuit Decision Motivates Covered Entities to Appeal Unreasonable Enforcement Outcomes
Next Next post: Non-Techies – Protect Your Digital Data by Securing Your Home and Business Wi-Fi

Search the Blog

Sign Up for Email Alerts

PODCASTS

Law and Technology Podcast

©2021 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Additional Resources
  • Contact Us
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT