February 10, 2021 – In Breaking News – Fortune
A hacker’s botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation’s water systems may be to attacks by more sophisticated intruders.
Treatment plants are typically cash-strapped, and lack the cybersecurity depth of the power grid and nuclear plants.
A local sheriff’s startling announcement Monday that the water supply of Oldsmar, population 15,000, was briefly in jeopardy last week exhibited uncharacteristic transparency.
(Authorities in Florida said investigations were underway after a hacker attempted to poison the water supply to the city of Oldsmar on February 5. Courtesy of Bloomberg Quicktake: Now and YouTube. Posted on Feb 8, 2021.)
Suspicious incidents are rarely reported, and usually chalked up to mechanical or procedural errors, experts say.
No federal reporting requirement exists, and state and local rules vary widely.
“In the industry, we were all expecting this to happen. We have known for a long time that municipal water utilities are extremely underfunded and under-resourced, and that makes them a soft target for cyber attacks,” said Lesley Carhart, principal incident responder at Dragos Security, which specializes in industrial control systems.
“I deal with a lot of municipal water utilities for small, medium and large-sized cities. And in a lot of cases, all of them have a very small IT staff. Some of them have no dedicated security staff at all,” she said.
Breaking: Horrifically hostile cyber attack being investigated in the city of Oldsmar, Florida, where someone accessed a computer for the water treatment system and increased the amount of sodium hydroxide in the water supply by a factor of more than 100.https://t.co/8Kf41xrIeX
— Alexander Martin (@AlexMartin) February 8, 2021
The nation’s 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities.
They are a heterogenous patchwork, less uniform in technology and security measures than in other rich countries.
As the computer networks of vital infrastructure become easier to reach via the internet — and with remote access multiplying dizzily during the COVID-19 pandemic — security measures often get sacrificed, which appeared to be the case at Oldsmar.
Continue reading… Why water plants are so vulnerable to hackers
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos