In Oldsmar, Florida, a city of 15,000 people in the Tampa Bay area, a hacker remotely accessed the water treatment plant and adjusted the lye levels in the city’s drinking water, raising it to more than 100 times the normal level.

Pinellas County Sheriff Bob Gualtieri said, “It’s a bad act. It’s a bad actor. It’s not just a little chlorine, or a little fluoride – you’re basically talking about lye.”

A remote access software program called TeamViewer was used to infiltrate the water treatment facility. The intruder entered the system twice: 8 a.m. and 1:30 p.m. It is unclear whether the hacker entered the system by the use of a password, though it is required to use the system remotely, according to the assistant city manager Felicia Donnelly.

The hacker’s efforts were immediately caught by the system’s operator, who reduced the levels within the system. No significant changes were noted in the city’s water supply; the public was never in danger. The intrusion lasted between three and five minutes, according to the sheriff. 

Senator Marco Rubio, R-FL, said the attempt to poison the water supply should be treated as a “matter of national security.”

The incident highlights how critical infrastructure systems are to hackers due to online and remote-use programs. Experts have warned that these programs can be exploited by hackers looking to harm or inflict bioterrorism. Nationwide, water plant operators (including those at dams, oil, and gas pipelines) have welcomed the digital technology transformation, allowing contractors and engineers to monitor temperature, pressure, and chemical levels from remote work stations.

During the 2020 coronavirus lockdown in Israel, officials reported hackers affiliated with Iran’s Islamic Revolutionary Guard Corps made a failed attempt to hack the country’s water supply and adjust the chlorine levels. Such attacks date back to 2007, when the United States and Israel conducted a joint attack on Iran’s Natanz nuclear facility, disabling nearly 1,000 uranium centrifuges.

The former director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, Chris Krebs, said, “Unfortunately, that water treatment facility is the rule rather than the exception. When an organization is struggling to make payroll and keep systems on a generation of technology created in the last decade, even the basics in cybersecurity often are out of reach.”

Gualtieri said the Federal Bureau of Investigation (FBI) and the United States Secret Service are involved in the investigation, but the county itself is using an in-house lab for the forensic analysis. Officials stressed it would have taken 24 to 36 hours for the water to be fully contaminated. When levels are out of limit or range, a number of alarms will sound, alerting staff.

Reynolds Water Conditioning was established in 1931 and is Michigan’s oldest water conditioning treatment company. Still owned and operated by the Reynolds family, we take pride in offering the highest quality products at a cost-effective price. If your tap water lacks the quality you deserve, contact us today at www.reynoldswater.com or call 800-572-9575.

Written by the digital marketing staff at Creative Programs & Systems: www.cpsmi.com.