Local and federal authorities are investigating after hackers broke into the Oldsmar water treatment system in Florida and tried to poison the water supply. Hackers increased the amount of lye in the water by a factor of more than 100.
Lye is used in small amounts to control the acidity of the water. However, in large quantities it can burn skin, cause hair loss, and be fatal if ingested. Oldsmar provides water to businesses in the city as well as approximately 15,000 residents.
Around 8:00 a.m. on February 5, 2021, the plant operator who was monitoring the system noticed that someone else had briefly accessed it. The operator was not alarmed because his supervisor frequently accessed the system remotely.
However, at around 1:30 p.m. that day, the operator saw someone access the system again; take control of the mouse and access the software that controls water treatment; work in the software for several minutes; and increase the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.
After the hacker left the system, the operator immediately corrected the concentration of lye.
According to the sheriff, there was no adverse effect on the water and the public was never in danger. Even if the operator had not seen the breach, it would have taken a day for the contaminated water to enter the water supply and redundancies in the system would have caught the change in the pH level, he said.
City officials noted that several safeguards are in place to prevent contaminated water from entering the water supply. The city has disabled the remote-access system that was used to breach the treatment system.
The FBI, Secret Service, and Pinellas County Sheriff's Office are investigating the case. The sheriff said they do not know why Oldsmar was targeted.
The authorities have alerted other municipalities in the area and encouraged them to safeguard their water treatment systems and other infrastructure. Jack Evans "Hackers Attempt to Poison Florida City's Water Supply" tampabay.com (Feb. 09, 2021).