Last week Friday in the US state of Florida, specifically the city of Oldsmar, a hacker was able to breach the city’s water treatment plant computer systems and sow a bit of havoc.
After determining that they were able to breach the water treatment plant’s systems, the hackers returned and increased levels of sodium hydroxide in the water. In water treatment, sodium hydroxide is used to control the acidity of water and remove heavy metals from water intended to be used by people. Unfortunately, sodium hydroxide is also highly corrosive.
“The hacker changed the levels of sodium hydroxide from about 100 parts per million to 11 100 parts per million. This is obviously a significant and potentially dangerous increase,” Sheriff Bob Gualtieri said during a press conference on Monday.
Once the hacker was done and left, a plant operator, who was seemingly watching this happen, was able to correct the increase in sodium hydroxide levels.
“Because the operator noticed the increase and lowered it right away, at no time was there a significant adverse affect on the water that was being treated. Importantly, the public was never in danger,” Gualtieri added.
The sheriff further explains that various safeguards within the water treatment plant would have checked the water’s acidity at various stages before it was made available to the public.
An investigation into the matter is on going and if the attacker is found they could potentially face federal charges.
What chills our blood in our veins is that the operator noticed somebody briefly accessing the water treatment’s plants before the chemicals were messed with, according to a report from the Tampa Bay Times.
This was seemingly ignored because a supervisor often accesses the system remotely and that access was seemingly assumed to be the supervisor.
What we can infer from the above is that Oldsmar needs to invest in cybersecurity training and better security measures.
The fact that an operator was able to see somebody messing with chemical levels but couldn’t do anything about until the hacker left is mightily concerning.
As smart cities become more popular, we’d do well to make sure that events such as this are prevented as much as possible.
Lest we all wake up one day with a water system that’s been tainted by a hacker.