Hacker Tries to Poison a Florida City's Water Supply Via Remote-Access System

Hacker Tries to Poison a Florida City's Water Supply Via Remote-Access System

Interested in Instrumentation?

Get Instrumentation articles, news and videos right in your inbox! Sign up now.

Instrumentation + Get Alerts

Experts have been warning for years that hackers could soon begin to wage cyberattacks on municipal water supplies, and the wake-up call for our industry has arrived. A hacker recently used remote-access software to take control of an operator’s computer at a water treatment facility in Oldsmar, Florida, increasing the level of sodium hydroxide in the city’s drinking water by a factor of 100, according to NPR.

The treatment plant operator was quickly able to raise the alarm and respond to the situation by getting sodium hydroxide levels back to normal, but the incident grabbed the attention of the FBI and Secret Service, which have initiated an investigation.

“The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million,” Pinellas County Sheriff Bob Gualtieri said during a recent briefing, according to NPR. “This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It’s also used to control water acidity and remove metals from drinking water.”

During the briefing, Gualtieri was asked if he considers the incident to be a bioterrorist attack. “It is what it is. Someone hacked into the system, not just once but twice,” he said.

Two times the hacker infiltrated Oldsmar’s system, although the first breach didn’t raise many eyebrows because it came via a remote-access system sometimes used by operators to monitor the plant. During the second breach, however, the hacker changed the sodium hydroxide settings, and that’s when the operator on the computer knew there was a problem and called the authorities.

The good news is that public health wasn’t affected by the incident, and that safety protocols at the plant worked as intended, but this incident should serve as a warning about the need for good cybersecurity practices at water/wastewater treatment facilities. For now, the remote-access system has been disabled at the Oldsmar facility.


Comments on this site are submitted by users and are not endorsed by nor do they reflect the views or opinions of COLE Publishing, Inc. Comments are moderated before being posted.