How Hackers Almost Poisoned a Town’s Water Supply

A nightmare scenario came closer to reality last week when hackers infiltrated a Florida town’s water system and nearly poisoned its drinking water.

It happened in Oldsmar, Florida, a town of 15,000 in Pinellas County, Florida. City officials say hackers remotely changed the level of sodium hydroxide from 100 parts per million to 11,100 parts per million, which is enough to make people dangerously sick.

The authorities said the plot unfolded last Friday morning, when an employee noticed that someone was controlling his computer. He initially dismissed it because the city has software that allows supervisors to access computers remotely. But about five and a half hours later, the employee saw that different programs were opening and that the level of lye changed.

The intrusion lasted between three and five minutes, the sheriff said.

Though the hack was mitigated before it could reach the drinking supply, the scenario — a cyberattack on a water treatment facility that contaminates a town’s water — has long been feared by cybersecurity experts. Across the nation, water plant operators, plus those at dams and oil and gas pipelines, have accelerated the transformation to digital systems that allow engineers and contractors to monitor temperature, pressure and chemical levels from remote work stations. — New York Times

City officials say a series of alarms would have gone off before the tainted water ever made it into peoples’s homes. Still, Senator Marco Rubio (R-FL) said the attack should be treated as a serious national security issue.

For years, cyber security experts have warned of a breach like the one that occurred in Oldsmar. The incident is a reminder that municipalities must remain vigilant in protecting themselves from cyber threats.

No suspects have been named in the attack. Oldsmar has disabled remote access to the plant.

Read more the New York Times