Recently, a sharp-eyed water treatment operator in Oldsmar, Florida, thwarted a dangerous cyberattack on the town's drinking water system. The hacker aimed to poison the supply—a chilling example of critical infrastructure risks.
Oldsmar, home to about 15,000 people in Pinellas County, Florida, endured a major cyber incident, as detailed in a New York Times article on February 8, 2021. A hacker remotely accessed the water treatment controls and tried to poison the drinking water. The operator spotted the unauthorized changes in time, averting disaster.
The breach took just five minutes. The intruder spiked levels of sodium hydroxide (NaOH, or caustic soda) in the water. Used in small doses to prevent pipe corrosion, excessive amounts are highly toxic, causing severe skin burns and eye damage.
Florida Senator Marco Rubio labeled it a national security threat, leading to an FBI investigation with local authorities. Adam Palmer of cybersecurity firm Tenable called it a nightmare scenario, highlighting the direct risks to public health.
These flaws are recurring. In 2016, hackers breached Kemuri Water Company during a Verizon network test, successfully altering chemical additives in the potable water.
Power grids face similar dangers. In early 2020, likely Iranian hackers targeted U.S. electricity firms for credentials, potentially causing widespread blackouts with catastrophic effects.
