In sectors such as electricity, gas, and water, external maintenance providers and collaboration partners are essential. At the same time, they often represent the weakest link in the defense of operational technology (OT) environments. Below are three real-world examples of what can go wrong, followed by a practical five-step plan to make file sharing truly secure in OT settings.
1. Oldsmar, Florida: Water Treatment Almost Compromised
On February 5, 2021, a hacker gained access to the SCADA workstation at the Bruce T. Haddock Water Treatment Plant through TeamViewer. The attacker briefly increased the sodium hydroxide concentration from 100 ppm to 11,100 ppm, a level that could cause severe tissue damage. Only the vigilance of an operator prevented physical harm. The incident shows how desktop-sharing software can quickly turn into an operational safety risk.
2. Ukraine: The First Confirmed Cyberattack on a Power Grid
On December 23, 2015, attackers caused a coordinated blackout that left 225,000 Ukrainians without electricity. By stealing credentials, corrupting converter firmware, and deploying malware like KillDisk in substations, they disabled critical systems. This was the first confirmed cyberattack on a power grid and demonstrates how compromised file or firmware distribution can disrupt national infrastructure.
3. MOVEit Breach Hits U.S. Department of Energy
In June 2023, the Cl0p group exploited a SQL injection vulnerability in the widely used MOVEit file transfer software. Several U.S. government organizations, including entities within the Department of Energy, saw sensitive data exposed. This case highlights how even large-scale, reputable file-sharing products can trigger cascading data breaches from a single flaw.
Five steps to secure file sharing in OT Environments
- Dedicated partner spaces per project
Provide each partner with a separate environment and tailored access controls. Share only the files that are strictly necessary. - Mandatory two-factor authentication
Enforce 2FA (via SMS or authenticator app) for every upload and download to block access from compromised credentials. - Automatic link expiry and retention periods
Apply default expiration (e.g., seven days) to every share link and remove expired links automatically. - End-to-end encryption
Ensure files are encrypted with AES-256 from sender device to recipient, with keys only available to authorized users. - Comprehensive audit logs and reporting
Record every interaction — who, what, when, and from which IP address. Monthly reports speed up incident response and support compliance with NIS2 and ISO 27001.
Keeping Operational Technology Secure
Sharing process and configuration files with external parties can unintentionally expose critical infrastructure. By implementing segmented partner environments, mandatory 2FA, automatic expiry, true end-to-end encryption, and strict logging, you minimize the risk of unwanted exposure. This way, the data behind electricity, gas, and water supply remains reliable and secure, even in an era of growing cyber threats.
