Hot on the heels of the high-profile SolarWinds attack comes the Oldsmar water treatment facility attack. This one is more targeted and focused on a specific – and very critical – piece of infrastructure. A computer controlling the water treatment system in Oldsmar, Florida, was remotely accessed on Friday. Oldsmar is a suburb 15 miles northwest of Tampa Bay with a population of about 15,000 residents.
In the Oldsmar water treatment facility attack, the hacker accessed the software system and increased the sodium hydroxide content from 100 parts per million (ppm) to 11,100 ppm. The operator that detected this was able to bring the water content back to normal. There is no immediate danger to the people who rely on the plant for drinking water.
Sodium hydroxide (NaOH), commonly known as lye, is the chief ingredient in liquid drain cleaners. It is very corrosive and can cause irritation to the skin and eyes, along with temporary loss of hair. Swallowing it can cause damage to the mouth, throat, and stomach and induce vomiting, nausea and diarrhea.
This attack is the latest incident involving critical infrastructure targets such as water treatment plants, electric grids and other sensitive targets that could cause major safety hazards. These cyber attacks have grown in scope and sophistication over the last few years, and there are concerns it is only going to get worse, not better.
As a result, there is a growing need for manufacturers and operation managers to secure vulnerable computers, nodes and other access points (APs) from hackers. These APs, which used to be isolated and cut off from the internet, are now part of the Industrial Internet of Things (IIoT), which brings different devices together to help them communicate and interact with one another.
SolarWinds may have gotten the big headlines lately with the cyberattack, but the Oldsmar water treatment facility attack highlights how everything is susceptible. If the attack went undetected or unnoticed for a long period of time, it could have led to severe issues.
Chris Vavra, web content manager, CFE Media & Technology, firstname.lastname@example.org.
Cyberattacks on SolarWinds and Oldsmar: CEO Interview Series, John Livingston, Verve Industrial
Increasing Industrial Cybersecurity Threat: CEO Interview Series, John Livingston, Verve Industrial