Cyber-Attacker Tries to Remotely Poison Florida City

The cyber-risks associated with connected operational technology (OT) systems were laid bare on Monday after an unknown online assailant tried to remotely poison the water supply of a Florida city.

The attacker accessed the water treatment system for Oldsmar city in Pinellas County and tried to increase the amount of sodium hydroxide (lye) in the water almost 100-fold, officials said yesterday.

Also known as caustic soda, sodium hydroxide could cause vomiting, diarrhoea and damage to internal organs if swallowed.

An operator at the plant monitoring the system saw what he assumed to be his boss remotely accessing it at around 8am on Friday morning. Around five-and-a-half hours later the same worker was left bemused as their mouse suddenly started to move while a remote user tried to ramp up the lye levels in the water.

The operator immediately changed the levels back once the attacker had logged-off, according to Pinellas County sheriff Bob Gualtieri.

In any case, it would have taken more than a day for the sodium hydroxide to enter the water supply and redundancies in the system would have spotted the change in pH level and sounded the alarm, explained Oldsmar mayor, Eric Siedel.

“The important thing is to put everybody on notice,” he warned at the press conference. “That’s really the purpose of today, to make sure that everyone realizes that these bad actors are out there; it’s happening, so take a hard look at what you have in place.”

Stuart Reed, UK director of Orange Cyberdefense, argued that ..

Support the originator by clicking the read the rest link below.