Recently, a simple operator thwarted a cyber attack targeting drinking water in a small town in Florida. The hacker intended to poison the network water! This incident provides further proof of the vulnerability of certain vital infrastructures for the population.
Oldsmar is a small town of about 15,000 people in Pinellas County, Florida (USA). As an article in the New York Times explains of February 8, 2021, this locality recently suffered a major cyber attack. A hacker tried to poison the drinking water circuit from the city. Fortunately, a water treatment plant operator avoided the disaster scenario in extremis. The person concerned noticed in time that someone was remotely manipulating the control panel of the installations.
It only took the hacker five minutes to break into the system. The latter significantly increased the amount of sodium hydroxide (NaOH – caustic soda) in water. You should know that at low doses, this substance helps prevent corrosion of pipes carrying water. On the other hand, a high dose is synonymous with poison for the body , which can cause burns to the skin and serious damage to the eyes.
Republican Florida Senator Marco Rubio said the incident was a matter of national security. The person concerned also confirmed the call for reinforcement from the FBI to conduct the investigation alongside the local authorities. Adam Palmer, working for cybersecurity firm Tenable, said the attempt illustrates the nightmare of the entire cybersecurity community. According to him, this demonstrates the potential impact on health individuals.
You should know that this kind of weakness is not new. In 2016, hackers hacked into a water treatment company, namely Kemuri Water Company (KWC). It was actually a network diagnostic performed by cybersecurity company Verizon Wireless. However, hackers managed to modify the amount of chemical additives added to recirculated potable water.
Remember that the cybernetic risks that can affect the safety of populations also concern the electrical network. At the beginning of 2020, the authorities mentioned an ongoing hack whose goal was to obtain the passwords of companies managing the United States electricity network. Hackers – probably Iranian – could have caused blackouts, the consequences of which could have been dramatic.