Many people fear what could happen if hackers gained control of the digital infrastructure we rely on each day. From power to water to food, our essentials rely heavily on software platforms. Unfortunately, they are vulnerable to cyberattacks.
The city of Oldsmar in Florida, a suburb outside of Tampa, just experienced this nightmare firsthand. On Friday, a hacker attempted to wreak havoc in the town by targeting the local water treatment plant. The hacker reportedly increased lye levels in the water by more than 100 times.
Fortunately, it doesn’t appear that the incident has resulted in any injuries or deaths since it was caught by a plant operator. Even so, it is a harrowing reminder of the world’s fragile digital balance.
They say those who control the keyboard control the world. As long as the right people are behind the keyboard, this isn’t a problem. However, incidents like the one in Oldsmar show that serious damage can be done when someone subverts the digital operations of today’s essential services.
The hacker, who reportedly gained remote access to the water treatment facility’s network, increased the sodium hydroxide, or lye, levels “from about 100 parts per million to 11,100 parts per million,” according to Pinellas County Sheriff Bob Gualtieri.
Lye is a harsh substance that typically appears only in small quantities to help manage the acidity level of treated water. In higher amounts, it can cause many negative health effects, including burns, vomiting, and difficulty swallowing.
In this case, the attack isn’t nearly as bad as it could have been. That’s thanks to a particularly vigilant employee who utilized backup safety protocols that were put into place well before the incident.
On Friday afternoon, the worker noticed someone remotely moving the mouse around the screen. As they watched the person increase the level of sodium hydroxide in the water, they were able to immediately change it back.
On top of this, the plant, which automatically checks for tainted water, shut down before any of it could reach consumers. As the sheriff notes, “Importantly, the public was never in danger.”
While that is true in the direct sense, the attack did pose a very real threat to public safety. Without the watchful eye of the plant employee, the problem might not have been caught until much later.
Perhaps the most important lesson to glean from this experience is that more attention needs to be paid to critical infrastructure in the U.S.
Oldsmar Mayor, Eric Seidel, said in a press conference, “The important thing is to put everybody on notice… to make sure that everyone realizes that these kind of bad actors are out there, it’s happening, so really take a hard look at [your defenses].”
Indeed, the incidence of cybercrime aimed at vulnerable targets, like hospitals and schools, has increased significantly in recent years. Considering that most government-run digital infrastructure is outdated and unsecured, it is a prime target for future attacks.
Hopefully, what we saw in Oldsmar doesn’t become a disturbing trend in the coming months.