Local authorities, FBI, and Secret Service are investigating Friday’s hack of a city water treatment plant in Oldsmar, FL. The facility is just 12 miles away from the Raymond Jones Stadium which hosted the Super Bowl a mere two days after the hack. A hacker took remote control of a plan operator’s machine twice. The first time just tested the system. However, the second time, in just a few minutes, the hacker increased sodium hydroxide levels to unsafe levels, and then they disappeared.
FBI and Authorities Respond to the Hack
Pinellas County Sheriff, Bob Gualtieri said in a briefing, “The hacker changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million. This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It’s also used to control water acidity and remove metals from drinking water.”
The Tampa FBI field office has confirmed that they have agents assigned to discovering the identity of the hacker. Currently, the authorities do not have one suspect, but they have a few leads. They are also trying to determine if the breach came from inside or outside the U.S. Oldsmar officials acknowledge that the hack was serious but did not impact public health. The alarms in the system and a delay from the facility to water transferring to customers kept this hack from being a real public health issue. Additionally, the city has disabled remote access for the time being.
Like a Chapter from Burn-in
Often, when we think of cybersecurity, we only consider large corporations and their ability to control our data. Typically, we consider identity theft or information loss as the driver behind the need for increased cybersecurity. While combating identity theft and deep fakes are important, we often overlook the security of our nation’s infrastructure.
As the news unfolded, authors P. W. Singer and August Cole were tweeting I told you so, feeling like it was a chapter lifted out of their book Burn-In. Singer specifically points out, “Key on this is not just understanding the general vulnerabilities that hit lots of critical infrastructure, but a few more specific to the water sector: Unlike power, not major region firms etc, but rather lots of city/town specific agencies and mom+ pop sized companies. So problem of scale for them and, in turn, cybersec companies/consultants see less value in investing.”
Cole agreed, saying “Terrifying. And predictable.”
Singer notes that the novel was based on nonfiction threats, but also on interviews with experts about real vulnerabilities. Additionally, taking a walk down memory lane can show examples in history that were deemed accidents but could have actually been intentional. Even true accidents have the potential to expose vulnerabilities and make adjustments.
Better Understanding New Threats
Additionally, fiction has a unique role in teaching national security on how to prepare for future acts of bioterrorism. Biographies are great, since it’s never a great feeling when we let history just repeat itself. However, sometimes letting the mind wander to consider the art of the possible helps the military prepare for future war scenarios. The threats against national security are varied, so we have to consider all the different attackers and unique methods. Whether that’s irregular warfare abroad or increased cybersecurity for American’s household utility services or unique hiring methods for better talent, the industry has to be able to adapt to new threats.