Industrial Cyber Attacks
Industry
News

Hackers attempt to poison water treatment plant in Florida

February 10, 2021
water treatment

Unidentified cyber attackers were able to get access to a panel that controls the water treatment plant at the city of Oldsmar near Tampa, Florida. This modification in the setting would have drastically increased the amount of sodium hydroxide in the water supply, officials from Pinellas County in Florida announced on Monday.

“Water systems, like other public utility systems, are part of the nation’s critical infrastructure and can be vulnerable targets when someone desires to adversely affect public safety,” said Pinellas County Sheriff Bob Gualtieri in a press conference on Monday. He was joined by Mayor Eric Seidel and City Manager Al Braithwaite.

The intrusion was detected on Friday by a plant operator, who noticed that someone had remotely accessed the computer system he was monitoring, which controls the chemicals and other operations of the water treatment plant, Gualtieri said. The software was set up to allow remote access to certain authorized users for troubleshooting problems from other locations.

The staffer did not at first think much of it. But later in the day, another intrusion was detected, this time with the hacker taking control of the mouse and operating the computer system remotely, and opening various functions on the screen for about three to five minutes, according to Gualtieri.

One of the functions opened was one that controlled the amount of sodium hydroxide in the water. The hacker increased the sodium hydroxide levels in the water from about 100 parts-per-million (ppm) to about 11,100 ppm, increasing it to extremely dangerous levels in the water systems, Gualtieri said. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners, apart from being used to control water acidity and remove metals from drinking water in the water treatment plant.

After increasing the sodium hydroxide levels the intruder exited the system. The plant operator immediately reversed the change to the appropriate amount of 100 parts per million. The public was never put in danger, as the lye level was immediately reversed, Gualtieri said.

“I will be asking the FBI to provide all assistance necessary in investigating an attempt to poison the water supply of a Florida city,” wrote Marco Rubio, U.S. senator for Florida, in a Twitter message on Monday. “This should be treated as a matter of national security.”

Had the operator not observed the attacker actively manipulating the screen, it is possible that several other mechanisms in the water treatment plant control and monitoring system would have alerted plant staff to the condition, wrote Ben Miller, an executive at cybersecurity company Dragos in a blog post on Monday. However, it is also entirely possible that this action could have resulted in people getting sick or potentially even dying, he added.

It has been publicly acknowledged that an operator machine had a remote access software package – TeamViewer – installed and accessible to the Internet, according to Miller. This led to manipulation of control set points for the dosing rate of sodium hydroxide into the water.

TeamViewer is a legitimate software package that is directly installed on a Windows host that allows for easy connectivity from anywhere. “Its ease of use has allowed it to increasingly be used in industrial environments and, while legitimate software, may be unauthorized or rogue software,” Miller added.

“Water and wastewater is one of the most at-risk critical infrastructure sectors today,” said Grant Geyer, chief product officer at industrial cybersecurity company, Claroty. Industrial control system (ICS) vulnerability disclosures impacting the sector have increased significantly year-over-year during the second half (2H) of 2020 up by 54 percent from the second half of 2019 and 63 percent from second half of 2018 in water and wastewater.

On account of long depreciation period of equipment in critical infrastructure environments, technology obsolescence and security vulnerabilities are a common occurrence, Geyer added. Additionally, many water utilities are small entities and are under-resourced, making the challenge of developing a robust security program that much more challenging.

 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations