County officials in Florida have uncovered a hacking attack on the water treatment system in Oldsmar, where an unidentified hacker attempted to remotely poison the town’s water supply.
On Friday, a supervisor noticed an intruder in the system, who adjusted the level of sodium hydroxide—lye—by over a hundred times the normal levels. The supervisor immediately returned the level back, with Pinellas County Sheriff Bob Gualtieri saying at no time was there a significant adverse affect on the city’s water supply.
Oldsmar has over 14,000 residents. According to the Tampa Bay Times, the hacker accessed the system remotely, controlled the mouse and worked on the software controlling water treatment, raising the amount of sodium hydroxide from 100 parts per million (ppm) to 11,100 ppm.
Gualtieri said at a press conference that it would have taken 24-36 hours for the water to reach the system and that there are several redundancies in place that would have provided an alert should levels get too high. The city has also taken further steps to prevent such incidents from occurring including disabling the remote-access system used in the attack.
Nonetheless, the incident raises fears over new and sophisticated acts of bioterrorism. It is not yet known whether the hacker was based in the United States or outside of it, for example. Gualtieri said investigators had some leads, but nobody had been arrested yet.
Other area municipalities have been alerted to the attack and encouraged to inspect the safeguards to their water treatment systems. Florida Senator Marco Rubio has asked for the water treatment hacking incident to be treated as a matter of national security, and said he will ask the FBI to provide assistance with the investigation.
Moreover, the attack comes after an unprecedented hacking operation that targeted a piece of software used by most Fortune 500 companies as well as several government agencies including the Department of Energy. The Solarwinds hack in 2020 is expected to have given hackers long-term access to countless systems in the United States, and has been dubbed a “Cyber Pearl Harbour”. US intelligence agencies including the FBI, NSA and CISA all attributed the attack to Russia.
