Link.
On Monday officials from Pinellas County in Florida announced that an unidentified hacker remotely gained access to a panel that controls the City of Oldsmar's water treatment system, and changed a setting that would have drastically increased the amount of sodium hydroxide in the water supply.
During a press conference, Pinellas County Sheriff Bob Gualtieri said that a legitimate operator saw the change and quickly reversed it, but signaled that the hacking attempt was a serious threat to the city's water supply. Sodium hydroxide is also known as lye and can be deadly if ingested in large amounts.
"The hacker changed the sodium hydroxide from about one hundred parts per million, to 11,100 parts per million," Gualtieri said, adding that these were "dangerous" levels. When asked if this should be considered an attempt at bioterrorism, Gualtieri said, "What it is is someone hacked into the system not just once but twice ... opened the program and changed the levels from 100 to 11,100 parts per million with a caustic substance. So, you label it however you want, those are the facts."
In smaller quantities, sodium hydroxide can cause severe skin burns and eye damage. Small amounts of sodium hydroxide are put in some cities' drinking water supplies to prevent corrosion to pipes and to bring the pH up (it is a strong base).
Gualtieri said that on Friday at 8am a plant operator at the Oldmar's water treatment facility noticed someone remotely accessing the system that he was monitoring. The system was deliberately set up with a piece of remote access software so that "authorized users could troubleshoot system problems from other locations," Gualtieri added.
That instance of remote access was brief, but then it happened again at 1:30 p.m., and the hacker changed the sodium hydroxide levels, Gualtieri said.
"The intruder exited the system, and the plant operator immediately reduced the level back to the appropriate amount of one hundred," Gualtieri added. Gualtieri said that steps were taken to "stop further remote access to the system" and that there are other safeguards to protect the water integrity in place.
The employee is a hero.
