Water treatment facility targeted by hackers

An unknown hacker tried to hack into the Oldsmar, Fla., water treatment system in the latest high-profile cyberattack against critical infrastructure facilities.

By Chris Vavra February 9, 2021

Hot on the heels of the high-profile SolarWinds attack comes another cyberattack. This one is more targeted and focused on a specific – and very critical – piece of infrastructure. A computer controlling the water treatment system in Oldsmar, Fla., was remotely accessed on Friday. Oldsmar is a suburb 15 miles Northwest of Tampa Bay with a population of about 15,000 residents.

The hacker accessed the software system and increased the sodium hydroxide content from 100 parts per million (ppm) to 11,100 ppm. The operator that detected this was able to bring the water content back to normal. There is no immediate danger to the people who rely on the plant for drinking water.

Sodium hydroxide (NaOH), commonly known as lye, is the chief ingredient in liquid drain cleaners. It is very corrosive and can cause irritation to the skin and eyes, along with temporary loss of hair. Swallowing it can cause damage to the mouth, throat and stomach and induce vomiting, nausea and diarrhea.

This attack is the latest incident involving critical infrastructure targets such as water treatment plants, electric grids and other sensitive targets that could cause major safety hazards. These cyber attacks have grown in scope and sophistication over the last few years and there are concerns it is only going to get worse, not better.

As a result, there is a growing need for manufacturers and operation managers to secure vulnerable computers, nodes and other access points (APs) from hackers. These APs, which used to be isolated and cut off from the internet, are now part of the Industrial Internet of Things (IIoT), which brings different devices together to help them communicate and interact with one another.

SolarWinds may have gotten the big headlines lately with the cyber attack, but the attempt on the Oldsmar water treatment facility highlights how everything is susceptible to an attack. If the attack went undetected or unnoticed for a long period of time, it could have led to severe issues.

Chris Vavra, web content manager, CFE Media & Technology, cvavra@cfemedia.com.

Original content can be found at www.industrialcybersecuritypulse.com.

Author Bio: Chris Vavra is senior editor for WTWH Media LLC.