Hackers Accessed a Florida Town Water Treatment Facility System and Changed Chemical Levels

  • Hackers attempted to contaminate the water of a Florida town and make it caustic.
  • An employee working on the facility noticed the action and reversed it before it was too late.
  • Cybersecurity in American public utilities is poor, and changing that is well overdue.

Someone has managed to break into a Florida town water treatment facility ICS (Industrial Control System) platform and changed the chemical levels of substances, rendering the water unsafe to consume. Fortunately, the people responsible for the facility's operation realized the change and stopped the contaminated water from reaching the supply network.

The targeted water treatment unit serves the town of Oldsmar in Pinellas County and has a population of about 15,000 people. The following video is from the associated press conference that was held to assure the public that their health hasn’t been compromised.

The hackers used TeamViewer to take control of an employee computer located at the facility. Thankfully, they did so during working hours, so the employee was present and happened to be monitoring the computer screen. As such, we can say that the matter of detecting the intrusion was pure luck.

The hackers increased the amount of sodium hydroxide (caustic soda), which is used in small quantities to control water acidity. At higher concentrations, this substance can cause tissue damage through direct corrosive action, severe necrosis of the esophagus, and even death. The people who would have a shower with the said water could suffer dermatitis, loss of hair, and caustic skin irritation.

In May 2020, we covered the news about a report published by a team of researchers in the United States, which sent a warning to all public entities and governments in the country that their ICS are easily accessible by hackers. Characteristically, the report stated that the fact that nothing bad has happened yet is a matter of luck, as well as the potential existence of ethical reservations that foreign hackers may have concerning harming innocent civilians.

It is clear that these systems need to be protected properly, apply NIST cybersecurity standards, and remove liabilities like TeamViewer tools meant to help technicians provide support remotely. This is not a proper way to do stuff in 2021, and the Oldsmar town incident should serve as the tinder that lights the fire of change across the country.

Hitesh Sheth, CEO at Vectra, a cyber-threat hunting firm, shared the following comment with us:

Public utilities, including power and water systems, have been prime cyberattack targets for years. There’s a whole Russian cyber team, “Energetic Bear,” focused on hacking American energy infrastructure. In the Oldsmar case, it’s premature to assign motive or place blame. However, we’ve seen enough breaches of the US power grid, water systems, and even nuclear plants to conclude this: protecting these critical facilities, and upgrading their cyber defenses, should be a far higher priority.

Biden has appointed experts in the right positions to up the nation's cybersecurity levels and has also approved a hefty budget for the purpose. Still, the endeavor of taking care of everything will surely be challenging. Public utilities like water treatment and supply facilities should be prioritized nonetheless.



Why Is Demon Slayer So Popular?

In August 2019, the world suddenly started talking about an anime series that had just released its nineteenth episode. Fast forward to...

F1 Live Stream 2022: How to Watch Formula 1 Without Cable

There's not much time until the 2022 Formula 1 World Championship gets underway - the first race is scheduled for late March,...

Disney+ Announces Basketball Series Inspired By Award-Winning Book The Crossover

Disney Plus announced a new basketball-themed drama series that is set to land on the streaming platform, drawing inspiration from the critically...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari