Close
Close
Linkedin
Close
Close

Who really has access to your critical OT Data?

haring process and configuration files with external parties can unintentionally expose critical infrastructure. By implementing segmented partner environments, mandatory 2FA, automatic expiry, true end-to-end encryption, and strict logging, you minimize the risk of unwanted exposure.
Msafe-Prevent email-related data breaches

In sectors such as electricity, gas, and water, external maintenance providers and collaboration partners are essential. At the same time, they often represent the weakest link in the defense of operational technology (OT) environments. Below are three real-world examples of what can go wrong, followed by a practical five-step plan to make file sharing truly secure in OT settings.

1. Oldsmar, Florida: Water Treatment Almost Compromised
On February 5, 2021, a hacker gained access to the SCADA workstation at the Bruce T. Haddock Water Treatment Plant through TeamViewer. The attacker briefly increased the sodium hydroxide concentration from 100 ppm to 11,100 ppm, a level that could cause severe tissue damage. Only the vigilance of an operator prevented physical harm. The incident shows how desktop-sharing software can quickly turn into an operational safety risk.

2. Ukraine: The First Confirmed Cyberattack on a Power Grid
On December 23, 2015, attackers caused a coordinated blackout that left 225,000 Ukrainians without electricity. By stealing credentials, corrupting converter firmware, and deploying malware like KillDisk in substations, they disabled critical systems. This was the first confirmed cyberattack on a power grid and demonstrates how compromised file or firmware distribution can disrupt national infrastructure.

3. MOVEit Breach Hits U.S. Department of Energy
In June 2023, the Cl0p group exploited a SQL injection vulnerability in the widely used MOVEit file transfer software. Several U.S. government organizations, including entities within the Department of Energy, saw sensitive data exposed. This case highlights how even large-scale, reputable file-sharing products can trigger cascading data breaches from a single flaw.

Five steps to secure file sharing in OT Environments

  • Dedicated partner spaces per project
    Provide each partner with a separate environment and tailored access controls. Share only the files that are strictly necessary.
  • Mandatory two-factor authentication
    Enforce 2FA (via SMS or authenticator app) for every upload and download to block access from compromised credentials.
  • Automatic link expiry and retention periods
    Apply default expiration (e.g., seven days) to every share link and remove expired links automatically.
  • End-to-end encryption
    Ensure files are encrypted with AES-256 from sender device to recipient, with keys only available to authorized users.
  • Comprehensive audit logs and reporting
    Record every interaction — who, what, when, and from which IP address. Monthly reports speed up incident response and support compliance with NIS2 and ISO 27001.

Keeping Operational Technology Secure

Sharing process and configuration files with external parties can unintentionally expose critical infrastructure. By implementing segmented partner environments, mandatory 2FA, automatic expiry, true end-to-end encryption, and strict logging, you minimize the risk of unwanted exposure. This way, the data behind electricity, gas, and water supply remains reliable and secure, even in an era of growing cyber threats.

Share:

More Posts

KPMG research- why compliance in 2026 calls for Secure File Sharing
Blog

KPMG study: why compliance in 2026 calls for Secure File Sharing

Why is a Secure File Sharing solution indispensable in a good compliance policy? KPMG says in essence, organizations are facing more compliance pressures, increased privacy and cybersecurity requirements, and a growing need for monitoring, reporting and control. Our Msafe Secure File Transfer solution is perfect for an environment where sensitive files are exchanged encrypted, access-controlled and fully traceable.

Read More »
26/03/2026
Automate secure file sharing with the Msafe API
Blog

Automate secure file sharing with the Msafe API

More and more organizations want to automate file sharing. No longer manually uploading, sending and storing, but rather integrating secure file sharing directly into existing processes and systems. Msafe’s API makes this possible. Through an API, applications can automatically upload, share and link files to internal systems such as CRM or document management systems.

Read More »
12/03/2026
Can the US simply access Msafe data
Blog

Can the US just access Msafe data?

Your data resides with Msafe on Microsoft Azure in the Netherlands, with Microsoft Ireland as the contracting party. Yet we often hear the question: can U.S. legislation, such as the U.S. CLOUD Act, affect the sovereignty of customer data? In this article we clearly explain what the U.S. can and cannot enforce, why data location is not the same as jurisdiction, and how often this occurs in practice. We also show what measures Msafe deploys to minimize risk: EU hosting, client-side/end-to-end encryption, strict access with MFA and policies, and full audit trails. So that you can share securely and remain demonstrably compliant.

Read More »
26/02/2026
why email is obsolete technology
Blog

Why email is obsolete technology

Email is still the default channel in virtually every organization, but it was technically and organizationally designed for an Internet where “trust” was the default. In 2026, the reality is different: email is at once productivity inhibitor, risk accelerator and compliance headache.

Read More »
12/02/2026
Alternative to Zivver?
Blog

Alternative to Zivver?

Msafe Secure File Transfer is especially a logical alternative to Zivver
when you want to standardize file exchange with externals with strong governance and EU hosting as an explicit starting point.

Read More »
05/02/2026