UPDATED 20:52 EDT / JUNE 20 2021

SECURITY

Hacker allegedly tried to poison San Francisco Bay Area water supply

A hacker allegedly tried to poison water being processed at a San Francisco Bay Area water treatment plant, according to an NBC News report late last week.

The attack took place on Jan. 15 and involved the person gaining access to the water treatment plant network by using a former employee’s TeamViewer account credentials. Having gained access to the plant, the person then deleted programs that the water plant uses to treat drinking water.

According to a confidential report compiled by the Northern California Regional Intelligence Center and seen by NBC, the hack was not discovered until the following day. The facility subsequently changed its passwords and reinstalled the programs. “No failures were reported as a result of this incident and no individuals in the city reported illness from water-related failures,” the report noted.

Michael Sena, the executive director of NCRIC, denied the report. “No one tried to poison any of our water. That is not accurate,” Sena told the San Francisco Chronicle, noting that tampering with computer programs would be unlikely to result in poisoning.

“It takes a lot to influence a water supply chain,” Sena explained. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people…. The numbers are astronomical.”

The Bay Area’s water supply threat is not the first compromise of a treatment plant and will likely not be the last. In February, an unknown attacker accessed a water treatment plant in Oldsmar, Florida, and attempted to poison the water supply by increasing the flow of sodium hydroxide to toxic levels. In that case, the attacker was detected before the water supply could be affected.

“While it’s important to keep an eye on major events, we should also avoid oversensationalized headlines intended to spread fear,” Chris Grove, technology evangelist at critical infrastructure security specialist Nozomi Networks Inc., told SiliconANGLE. “Some headlines are taking the action of deleting code and jumping to attempted mass poisoning. There was not an attempt at poisoning the water supply.”

That said, he added, “this is a stark reminder of how insecure our nation’s water facilities are.” Grove noted that the case highlights a lack of two-factor authentication, password procedures, monitoring and other defenses. “There are many facilities that are in the same situation — same remote access woes, same password problems and the same underfunded, understaffed cybersecurity defenders,” he said.

James Carder, chief security officer at security intelligence company LogRhythm Inc., said the incident is a prime example of how cyberattacks on critical infrastructure can hurt citizens’ physical safety, and that such attacks are only growing.

“Over the past 20 years, industrial control systems have largely neglected operational technology and operational risk by air gapping data to compensate for deficiencies in network security and physically isolating platforms from unsecured networks,” Carder explained. “This means critical infrastructure operations are ripe with opportunities for bad actors to target and take down their systems.”

Photo: Florida Water Daily/Flickr
