[ad_1]
The Tampa region of Florida narrowly missed a disaster. Unknown hackers have logged into the system of a drinking water treatment plant and the proportion of sodium hydroxide in the water is more than a hundred times higher. Fortunately, an employee at the plant noticed the attack in time.
The attack happened in Oldsmar, a city of about 15,000 people near Tampa. As Sheriff Bob Gualtieri reported, the hackers had increased the content of the chemical from 100 parts per million to 11,100 parts. “This is a significant and potentially dangerous increase,” Gualtieri said. Because in large amounts, the chemical can cause burns.
Hackers first invaded to practice
Last Friday, the hackers entered the system briefly at 8am, probably to explore, and then left again. The actual attack took place at 1.30pm and lasted only three to five minutes. An employee observed on his monitor how the cursor suddenly moved on its own and, as if controlled by an invisible hand, he opened several water treatment programs.
The employee immediately reduced the proportion of the chemical again. That prevented bad things.
It is unknown who is behind the hackers attack. Nor do we know yet whether it came from home or from abroad.
Sodium hydroxide is used to control the acidity of water and to remove metals from drinking water in a water treatment plant. Even if the change had not been noticed immediately, it would have taken 24-36 hours for the treated water to reach the supply system. The case is now being investigated by the FBI, among others.
Hacker attacks on Ebikon LU
Hacker attacks have also been carried out against the drinking water supply in Switzerland, as confirmed to VIEW by Christos Bräunle, head of communications for the Swiss Gas and Water Association (SVGW). The case of Ebikon LU 2018 is well known, when several thousand malicious queries were sent from London and Korea. However, the IT system was able to repel the attacks.
In Switzerland there is little danger from physical attacks on drinking water. Bräunle is only aware of one case where a farmer in the Ravensburg area tried to blackmail the water supply in 2005. Bräunle: “Two open atrazine cans containing five liters of the pesticide each were discovered in Lake Constance at a depth of 60 meters. Fortunately, the attack did not affect the quality of the drinking water due to the high dilution of atrazine with the lake water.
New safety standards
Due to increasing digitization, the SVGW, in conjunction with the Federal Office for National Economic Supply, did not develop a minimum standard for water supply security until the end of 2020. The document allows water providers of all sizes to assess independently from cyber risks using a uniform industry standard and tailor its level of protection according to its resources, risk assessment and relevance to supply.
The editors state: “A large-scale failure of the water supply through cyberattacks would have devastating consequences for the affected sectors of the population and the economy.”
In the United States, there has been an increase in hacker attacks, especially against small businesses, in recent years. It seems that cybercriminals are getting familiar with the way systems work. Your goal could be to attack a larger system at a later date, tamper with it, or obtain a ransom.
