LONDON (Bywire News) - As Tampa bay residents were celebrating their victory in the Superbowl, somebody was tampering with their water supply. Cybersecurity experts have warned for years about the danger to infrastructure such as drinking water. Now their fears have come true. While the attack was caught before serious damage occurred, the results could have been catastrophic.
According to officials, cybercriminals targeted Oldsmar City in the Tampa Bay area and temporarily changed the levels of lye in the drinking water. The level of sodium hydroxide, which is the main ingredient in drain cleaner was changed from 100 parts per million to 11,100 parts, which could have caused serious harm to any resident unfortunate enough to drink it.
The chemical is used to control acidity in water and to remove metals. The city has its own well fields which require treatment before water can be considered suitable for human consumption
According to officials, the plot was uncovered last Friday when an employee noticed someone was controlling his computer. He initially dismissed it as the city uses software which allows supervisors to access computers remotely. However, he saw that programs were opening and that the level of lye had been changed to dangerous levels.
The operator managed to lower the levels right away and prevented any contamination of the water supply. However, had the employee not noticed it, the impact could have been catastrophic. Speaking about the attack, Sheriff Bob Gualtieri urged managers of critical infrastructure to review and tighten their cybersecurity.
“This is dangerous stuff,” he said. “It’s a bad act. It’s a bad actor. It’s not just a little chlorine or a little fluoride — you’re basically talking about lye.”
Officials insist that even if the attack had not been spotted it would have still taken 36 hours to hit the water supply system and it would have also been checked and stopped before being released into the system.
However, cybersecurity professionals have been warning about the risk to water systems for some time. Last year Israel was hit by a number of cyber-attacks targeting its drinking water. Intelligence officials linked the attacks to Iran.
The incident also marked the start of a series of mysterious accidents and explosions which occurred across Iran’s critical infrastructure affecting power plants, nuclear fuel enrichment centres, ports, and petrochemical plants.
While no harm was done this time, it marks the start of a dangerous trend in which a country’s critical infrastructure may be used against them as a weapon.
(Written by Tom Cropper, edited by Klaudia Fior)