A malicious hacker’s attempted poisoning of the Oldsmar, Florida water supply serves as a stark reminder of the potentially devastating consequences that can result from operating vulnerable and unsecured industrial controls in a critical infrastructure environment.

Oldsmar and Pinellas County, Fla. officials today revealed that an unknown individual last Friday morning hijacked a remote access system used by employees at the city’s water treatment plant. The hacker attempted to increase the amount of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million. Sodium hydroxide, which is found in drain cleaners and is commonly known as lye, is used to reduce the acidity of water and make it more potable – but too much of it makes the water caustic and potentially deadly.

Water and wastewater treatment is among the most at-risk areas of critical infrastructure that exists today, said Grant Geyer, chief product officer at Claroty. He pointed to the company's Biannual ICS Risk & Vulnerability Report, which found that industrial control system vulnerabilities disclosed during the second half of 2020 increased by 54% from the second half of 2019 and 63% from the second half of 2018 in water and wastewater.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.