I’d wager few people had ever heard of Oldsmar, Florida, prior to 2021. That all changed in February when the city made headlines. The reason? An Internet of things (IoT) security incident moved into the physical world.
A Tale of Lifted Lye Levels
At 8 a.m. local time on February 5, 2021, an operator at Oldsmar’s water treatment plant noticed someone had remotely entered the computer system he was watching and taken control of his mouse. The attacker used their control to change the amount of sodium hydroxide in the water from 100 parts per million to 11,000 — a potentially dangerous level of lye. If consumed, this cyber-physical attack could have caused loss of vision, pain and shock, among other symptoms.
The water treatment plant had protections in place that would have corrected the change in time. But the worker acted first, adjusting the amount of lye back to safe levels before the other measures kicked in. He also notified his supervisor to ensure “steps were taken to prevent further remote access to the system.”
Sen. Marco Rubio (R-Fla.) asked the FBI to look into the cyber-physical attack. The agency later found ‘poor password security’ may have been a factor. The exact origin of the threat hasn’t been found. However, researchers did trace stolen information about the water treatment plant to a larger data leak.
A Look at Other Cyber Physical and IoT Security Attacks
The attack on Olds ..
Support the originator by clicking the read the rest link below.
