Not long ago, a private operator thwarted a cyber attack targeting drinking water in a small town in Florida. The hacker intended to poison the mains water! This incident provides further proof of the vulnerability of certain vital infrastructures for the population.
A disaster narrowly avoided
Oldsmar is a small town of about 15,000 people in Pinellas County, Florida (United States). As an article in the New York Times February 8, 2021, this locality recently suffered a major cyber attack. A hacker has attempted to poison the drinking water circuit from the city. Fortunately, an operator of the water treatment plant avoided the disaster scenario in extremis. The person concerned noticed in time that someone was remotely manipulating the control panel of the installations.
Only five short minutes were enough for the hacker to break into the system. The latter considerably increased the amount of sodium hydroxide (NaOH – caustic soda) in water. You should know that at low doses, this substance helps prevent corrosion of pipes carrying water. On the other hand, a high dose is synonymous with poison for the organism, which can cause skin burns and serious eye damage.
New proof of weak systems
Florida Republican Senator Marco Rubio has said the incident is a matter of national security. The interested party also confirmed call for help from the FBI to conduct the investigation alongside local authorities. Adam Palmer, working for cybersecurity firm Tenable, said the attempt illustrates the nightmare for the entire cybersecurity community. According to him, this shows potential health impact individuals.
You should know that this kind of weakness does not date from yesterday. In 2016, hackers hacked into a company specializing in water treatment, namely Kemuri Water Company (KWC). It was actually a network diagnostic performed by cybersecurity company Verizon Wireless. However, hackers have managed to change the amount of chemical adjuvants that is added to recirculated drinking water.
It should be remembered that the cybernetic risks that could threaten the safety of populations also concern the electricity network. In early 2020, authorities spoke of an ongoing hack aimed at obtaining the passwords of companies managing the United States’ electricity grid. The pirates – probably Iranians – could have caused blackouts, whose consequences could have been dramatic.