February 23, 2021 | The Hill
Cybersecurity and your water: Hacker attempted to poison Florida city’s water supply
February 23, 2021 | The Hill
Cybersecurity and your water: Hacker attempted to poison Florida city’s water supply
Excerpt
An unknown hacker remotely accessed the chemical controls of a water treatment plant in the City of Oldsmar, near Tampa, Fla., earlier this month. This breach is a reminder that the country’s water infrastructure is poorly secured in cyberspace — and that vulnerabilities in this critical system pose real world consequences.
Upon gaining access to the system, the hacker increased the amount of sodium hydroxide in the water to dangerous levels. Sodium hydroxide is lye and the main ingredient in drain cleaner. At high levels, it would have poisoned the city’s drinking water. The hacker breached the network through TeamViewer software, a commonly used program for remote system maintenance. Industrial control systems cyber experts speculate that the hacker used stolen credentials.
As Samantha F. Ravich, our colleague at the Foundation for Defense of Democracies, observed last June, remote access applications and other types of programs and technology may “reduce costs, enhance efficiencies, and improve quality,” but because water utilities are “not implementing security systems and processes” in parallel, these programs also introduce vulnerabilities.
Retired Rear Admiral Mark Montgomery is a senior fellow at the Foundation for Defense of Democracies (@FDD), senior director of FDD’s Center on Cyber and Technology Innovation (CCTI), and senior advisor to the Cyberspace Solarium Commission. Annie Fixler is deputy director of CCTI. Follow the authors on Twitter @MarkCMontgomery and @AFixler. FDD is a Washington, D.C.-based, nonpartisan research institute focusing on national security and foreign policy.