In sectors such as electricity, gas and water, third-party maintenance and collaboration partners are indispensable. At the same time, they are often the weakest link in the defense of operational technology (OT) environments. Here are three real-world examples of what can go wrong, followed by a practical five-step plan to make file sharing in OT truly secure.
1. Oldsmar, Florida: Water treatment nearly compromised
On February 5, 2021. a hacker accessed the SCADA workstation of the Bruce T. Haddock Water Treatment Plant. The attacker briefly increased the sodium hydroxide concentration from 100 ppm to 11,100 ppm, a level that could cause serious tissue damage. Only an operator’s alertness prevented physical damage. This incident shows how desktop sharing software can quickly become an operational security risk.
2. Ukraine: The first confirmed cyber attack on a power grid
On Dec. 23, 2015, attackers caused a coordinated power outage that left 225,000 Ukrainians without electricity. By stealing login credentials, corrupting firmware and inserting malware such as KillDisk into substations, they disabled critical systems. This was the first confirmed cyber attack on a power grid and shows how compromised file or firmware distribution can disrupt national infrastructure.
3. MOVEit leak hits U.S. Department of Energy
In June 2023, the the Cl0p group misused an SQL injection in the widely used MOVEit file transfer software. Multiple U.S. government agencies, including parts of the Department of Energy, saw sensitive data leaked. This case highlights how even large-scale and reputable file-sharing products can cause a chain reaction of data breaches due to a single vulnerability.
Five steps for secure file sharing in OT environments
- Separate partner spaces by project
Give each partner a separate environment with customized access rights. Share only the strictly necessary files. - Mandatory two-factor authentication
Enforce 2FA (via SMS or authenticator app) on every upload and download to prevent misuse of stolen credentials. - Automatic link expiration and retention periods
Apply default expiration (for example, seven days) to each partial link and automatically remove expired links. - End-to-end encryption
Encrypt files with AES-256 from sender to receiver, with keys available only to authorized users. - Comprehensive audit logs and reporting
Capture every interaction – who, what, when and from what IP address. Monthly reports accelerate incident response and support compliance with NIS2 and ISO 27001.
Keeping operational technology truly secure
Sharing process and configuration files with external parties can inadvertently expose critical infrastructure. By implementing separate partner environments, mandatory 2FA, automatic expiration dates, true end-to-end encryption and strict logging, you minimize the risk of unwanted exposure. This keeps the data behind electricity, gas and water supplies reliable and secure – even in a time of growing cyber threats.
