Hacker tried to poison drinking water in Florida city
- AP — FLORIDA
A hacker gained entry to the
system controlling the water
treatment plant of a Florida city
of 15,000 and tried to taint the
water supply with a caustic
chemical, exposing a danger
cybersecurity experts say has
grown as systems become both
more computerized and acces-
sible via the Internet.
The hacker who breached
the system at the city of Olds-
mar’s water treatment plant on
Friday using a remote access
program shared by plant
workers briefly increased the
amount of sodium hydroxide by
a factor of one hundred (from
100 parts per million to 11,100
parts per million), Pinellas
County Sheriff Bob Gualtieri
said during a news conference
Monday.
Sodium hydroxide, also
called lye, is used to treat water
acidity but the compound is also
found in cleaning supplies such
as soaps and drain cleaners. It
can cause irritation, burns and
other complications in larger
quantities.
Fortunately, a supervisor
saw the chemical being tam-
pered with - as a mouse con-
trolled by the intruder moved
across the screen changing set-
tings - and was able to
intervene and immediately
reverse it, Gualtieri said.
Oldsmar is about 15 miles
northwest of Tampa.
Gualtieri said the public was
never in danger.
But he did say the intruder
took “the sodium hydroxide up
to dangerous levels.”
Oldsmar officials have since
disabled the remote-access
system, and say other safe-
guards were in place to prevent
the increased chemical from
getting into the water. Officials
warned other city leaders in the
region — which was hosting the
Super Bowl — about the
incident and suggested they
check their systems.
Experts say municipal water
and other systems have the
potential to be easy targets for
hackers because local govern-
ments’ computer infrastructure
tends to be underfunded.
Robert M Lee, CEO of
Dragos Security, and a specialist
in industrial control system vul-
nerabilities, said remote access
to industrial control systems
such as those running water
treatment plants has become
increasingly common.
“As industries become more
digitally connected we will con-
tinue to see more states and
criminals target these sites for
the impact they have on
society,” Lee said.
The leading cybersecurity
firm FireEye attributed an
uptick in hacking attempts it has
seen in the last year mostly to
novices seeking to learn about
remotely accessible industrial
systems. Many victims appear
to have been selected arbitrarily
and no serious damage was
caused in any of the cases -- in
part because of safety mecha-
nisms and professional moni-
toring, FireEye analyst Daniel
Kapellmann Zafra said in a
statement.
“While the (Oldsmar)
incident does not appear to be
particularly complex, it high-
lights the need to strengthen the
cybersecurity capabilities
across the water and waste-
water industry,” he said.
What concerns experts most
is the potential for state-backed
hackers intent on doing serious
harm targeting water supplies,
power grids and other vital
services.
In May, Israel’s cyber chief
s aid the country had thwarted
a major cyber attack a month
earlier against its water
systems, an assault widely
attributed to its archenemy Iran.
Had Israel not detected the
attack in real time, he said
chlorine or other chemicals
could have entered the water,
leading to a “disastrous”
outcome.
Tarah Wheeler, a Harvard
Cybersecurity Fellow, said com-
munities should take every pre-
caution possible when using
remote access technology on
something as critical as a water
supply.
“The systems administrators
in charge of major civilian
infrastructure like a water
treatment facility should be
securing that plant like they’re
securing the water in their own
kitchens,” Wheeler said via
email.
“Sometimes when people
set up local networks, they don’t
understand the danger of an
improperly configured and
secured series of Internet-con-
nected devices.”
No comments:
Post a Comment