Hacker successfully infiltrated the system computers which controls the facility exwork water in the US state of Florida and remotely changed a regulation that drastically altered sodium hydroxide (NaOH) levels in the water.
During press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an employee at a water treatment plant in Oldsmar, Florida, noticed his mouse cursor moving strangely on his computer screen.
At first, he did not worry. The city's 15.000-person water treatment plant used remote access software TeamViewer to allow staff to share screens for review and to deal with computer issues. And his supervisor is often connected to the computer to monitor the facility's systems.
However, a few hours later, the shift operator noticed that his mouse was moving again. But this time there was no illusion of benign surveillance by a supervisor or an IT person. The cursor started clicking on the water treatment plant controls.
Within seconds, the intruder was trying to change the sodium hydroxide (also known as caustic soda) levels in the water supply, moving the setting from 100 parts per million to 11.100 parts per million. At low concentrations, the corrosive chemical regulates the pH level of drinking water. At high levels, it seriously damages any human tissue wherever it touches it.
Immediately the employee managed to take control of the mouse and restore concentration levels before the damage spread. According to the sheriff, the instant regulation did not have a significant effect on the water, and the population was never in danger.
The water treatment plant appears to have been breached for about 3 to 5 minutes by unknown suspects on February 5, with remote access taking place twice, at 8:00 a.m. and 1:30 p.m. It is not known if the violation took place in the US or abroad. Police said an investigation was under way into the incident.
Although early intervention prevented more serious consequences, the sabotage attempt highlights the exposure of critical infrastructure facilities and industrial control systems to cyberattacks.
The fact that the attacker used TeamViewer to take over the system underscores the need for secure access with multi-factor authentication.
Remote access requirements must be minimized. And if they are really needed then they should be done with predefined and strict data, such as from specific IP addresses, with secure access systems (and not through TeamViewer) and with authentication multiple factorsn.
