The Pinellas County sheriff held a news conference on Monday, Feb. 8, 2021, to announce an intrusion into a small Florida town’s water treatment plant last week, reports The New York Times. Hackers briefly accessed the computer system in the same manner cybersecurity experts have warned against.
Sheriff Bob Gualtieri said the attack took place against a town north of Tampa Bay. He said the hackers attempted to raise the sodium hydroxide (lye) to dangerous levels — “changed from 100 parts per million to 11,100 parts per million.” If the hackers had been successful, those quantities could have greatly sickened the inhabitants of Oldsmar.
“This is dangerous stuff,” Gualtieri added. He urged managers of critical infrastructure systems to review and secure their computers. These include “the vast network of highways, connecting bridges and tunnels, railways, utilities and buildings necessary to maintain normalcy in daily life. Transportation, commerce, clean water, and electricity all rely on these vital systems,” explains Homeland Security.
How Did the Hackers Break-In?
One of the technicians at the Oldsmar water treatment plant reports hackers had taken control of his computer twice on Friday, February 5. At first, he was not concerned since management can take over a computer using remote-access software — TeamViewer.
However, several hours later, he noticed his cursor moving on its own again. This time, he saw the hackers had changed the plant’s systems and controls that dramatically increased the lye concentration.
The amount of sodium hydroxide that would have been released into the water supply had the computer operator not acted swiftly is considered to be highly corrosive to human tissue. He was able to correct the levels to the appropriate amount.
Oldsmar City Manager Al Braithwaite said TeamViewer has been disabled to ensure hackers cannot breach the system again.
Why Is There Sodium Hydroxide in the Water System? Is the Water Safe?
Channel 10 News in Tampa Bay assures Oldsmar residents the water is safe to consume and that at no time were they in danger as a result of the hackers’ invasion.
They were safe because it would take 24-36 hours for the chemical to reach homes and businesses in the city. Long before that could occur, an automated Ph testing safeguard would have notified the plant’s operators, foiling the hackers.
Sodium hydroxide, aka caustic soda or lye, is used by water treatment plants to control water acidity and limit pipe decay. It is also used to help eliminate heavy metals from the water.
According to Channel 10 News in Tampa Bay, the sheriff’s office FBI, and the United States Secret Service are investigating the breach. They have not determined who attempted to manipulate the system or if the hackers were stateside or abroad.
Written by Cathy Milne-Ware
The New York Times: ‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town; by Frances Robles and Nicole Perlroth
Department of Homeland Security: Critical Infrastructure
10 Tampa Bay WTSP: Oldsmar water treatment plant hack: 5 things to know about water safety, other cyberattacks; by Andrew Krietz
Featured and Top Image by Wknight94 Courtesy of Wikimedia – Creative Commons License
First Inset Image Courtesy of Lyn Lomasi’s Flickr Page – Creative Commons License
Second Inset Image Courtesy of Michael Hammon’s Flickr Page – Creative Commons License