Oldsmar Water Treatment Plant
Unknown
Water
Stopped before impact
Inactive TeamViewer account accessed
Unsecured Remote Access
Passwordless Secure Access
The 2021 Oldsmar Water Treatment Plant incident in Florida provided a stark warning about the dangers of unsecured remote access to essential services.
An unidentified cyber actor gained unauthorized access to the Supervisory Control and Data Acquisition (SCADA) system by exploiting a combination of cybersecurity weaknesses, including an outdated operating system (Windows 7) and weak password security. Initial analysis indicated that the attacker used an inactive account on an exposed desktop-sharing software (TeamViewer) to gain remote access to the HMI.
This granted complete remote control, allowing the attacker to increase the concentration of sodium hydroxide (lye) in the drinking water, a caustic chemical that could have posed a public health threat. Although water treatment personnel immediately noticed and corrected the change, the incident highlighted how easily generic, publicly exposed remote access tools can provide a path to physical manipulation.
The primary vulnerability was the exposure of a commercial desktop-sharing application that, when compromised, provided complete administrative control. BlastWave eliminates this exposure.
Instead of relying on vulnerable RDP or commercial sharing software exposed to the internet, remote support access is achieved through a secure, identity-validated tunnel that runs the BlastAccess remote desktop application. This tunnel is dynamically created only for the specific, authorized identity, for a defined duration, and strictly to the specific HMI application needed.
This approach ensures the access is temporary, audited, and strictly limited, preventing an attacker from gaining full control over the underlying network or OS.
Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.
BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.