Hacker tries to poison water supply of Florida city
A computer hacker gained access to the water system of a city in Florida and tried to pump in a "dangerous" amount of a chemical, officials say.
The hacker briefly increased the amount of sodium hydroxide (lye) in Oldsmar's water treatment system, but a worker spotted it and reversed the action. Lye is used in small amounts to control acidity but a large amount could have caused major problems in the water.
Oldsmar Mayor Eric Seidel said: "There's a bad actor out there." No arrests have yet been made and it is not known if the hack was done from within the US or outside.
A computer controlling Oldsmar's water treatment system was remotely accessed on Friday. A plant operator saw an attempt to access the system in the morning but assumed it was his supervisor, the Tampa Bay Times reported. But another attempt was made early in the afternoon and this time the hacker accessed the treatment software and increased the sodium hydroxide content from 100 parts per million to 11,100 ppm. The operator immediately reduced the level to normal.
Also at CNN, Ars Technica, and WWSB.
(Score: 2) by Runaway1956 on Tuesday February 09 2021, @12:55PM (7 children)
I have the same question, and go one step further. After a warning like this, why is remote access disabled TEMPORARILY???
Now way, now how, no where, no when, should critical infrastructure be accessibly via the internet. Fekkin' idiots!
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 0) by Anonymous Coward on Tuesday February 09 2021, @02:28PM
I'm suspicious whether this story is actually real. If more lye ended in the water, did somebody spill a bucket by accident and they want to shift blame?
Secondly, if safety critical systems are being controlled by computers, why not add another system to sanity check what the first one is doing?
(Score: 2) by Immerman on Tuesday February 09 2021, @03:00PM (1 child)
Really? There's a bad actor somewhere on Earth, and they have internet access? Oh no! Sound the alarm! Unleash the hounds!
Anyone who says such a thing as though it has more relevance than "the sky is blue" should not be allowed in any position of authority.
Connecting any system to the internet is immediately exposing it to a huge number of bad actors. It's your responsibility to defend against them, and if you don't plan to take that responsibility seriously, unplug from the effing 'net.
(Score: 0) by Anonymous Coward on Tuesday February 09 2021, @07:47PM
Seems you are having trouble processing context. Did you mean
[ Help ] [ OK ] [ Cancel ]
- -
*Wait, don't you mean dice collection?
No, moron. The singular is die. Do you say "horses collection"?
(Score: 5, Interesting) by DannyB on Tuesday February 09 2021, @03:24PM (3 children)
As someone at NASA once said in January 1986: take off your engineering hat for a moment and put on your management hat.
Do you realize that it would cost money to have an actual person at an inconvenient location to actually physically monitor and control operations of water treatment? Even if someone only occasionally needs to physically visit the facility. (eg, remote monitoring, but actual hands-on manipulation must be, um, hands-on.) Ditto for electrical substations, chemical plants, sewage treatment, electrical generation facilities, nuclear power plants, etc. No on site humans needed! Just a warm body on the intarwebs.
Don't you realize that it is way cheaper (to someone, but not to you and me) to simply have a warm body somewhere who can remotely monitor and control these facilities? (Located in India or somewhere.) Look how effectively this has worked for corporations to outsource their call centers! It's wonderful, just wonderful I tell you!
No regulations needed. They are doing swell! We can't regulate corporations. Absolutely no regulation can be permitted. That would not be pro-business. If this principle works for corporations, it works equally well for municipal water.
Santa maintains a database and does double verification of it.
(Score: 3, Interesting) by VLM on Tuesday February 09 2021, @04:29PM
I've worked at places running under a variation of the two man rule where they have an onsite and an offsite.
Note that the workload can get pretty shitty for the onsite when there's either an internet outage at the offsite's house or the onsite plant, but at least they have someone. Luckily if you use VOIP then an internet outage means no incoming calls.
The highest ratio I ever saw was during a snow storm at a data center type facility and they had like one dude who lived down the road come in for a 16 hour day and five guys VPN'd in from home. The onsite guy was pretty busy doing remote hands stuff. The fact of the matter is if you have 1000 water and enviro sensors in a very large facility (like acres...) even if the sensors are 99.9% reliable every day, that means at least once a day the flooding sensor will go off and need investigating, and air handling equipment needs continual maintenance, its a headache.
(Score: 1) by khallow on Tuesday February 09 2021, @06:37PM
(Score: 2, Interesting) by Anonymous Coward on Tuesday February 09 2021, @07:15PM
Ok, so you *really* need to always be able to remotely see what's going on. So point a webcam at the screen through an AIR GAP.