UPDATED 21:54 EDT / FEBRUARY 08 2021

Hacker targets Florida treatment plant in attempt to poison water supply

Sadly, in 2021 not a day passes without news of a company, government or organization being targeted by hackers, but cyberattacks don’t usually try to poison thousands of people.

That’s exactly what nearly happened last week in Pinellas County, Florida.

An unknown attacker remotely accessed a water treatment plant in Oldsmar, Florida, on Friday, Feb. 5, and attempted to poison the water supply by increasing the sodium hydroxide to toxic levels. Sodium hydroxide, also known as lye and caustic soda, is used to control water supply acidity and remove heavy metals from water. In very small doses it’s fine, but in high doses its effects can range from skin irritation to severe burns and potentially death.

Fortunately, in this case, the attacker was detected before the water supply could be affected. The attacker is said to have gained remote access to the water supply system for about five minutes and then tried to increase the sodium hydroxide level in the water by a factor of more than 100. An operator at the water supply plant noticed the attempt and reset the sodium hydroxide to the proper level.

Officials from Oldsmar and Pinellas County claimed that the public was “never in danger” and that redundancies would have triggered alarms had the levels set by the attacker not been detected by an operator. “The protocols that we have in place, monitoring protocols, they work; that’s the good news,” Oldsmar Mayor Eric Seidel told local media. “Even had they not caught them, there’s redundancies in the system that would have caught the change in the pH level.”

The attacker gained access to the water control system through TeamViewer.

“With so much emphasis recently placed on hacks for the health care and financial services industry, an infrastructure hack such as this tends to hit much closer to home since it regards our physical safety,” Tom Garrubba, chief information security officer at third-party risk management firm Shared Assessments, told SiliconANGLE. “It is critical to consistently review and monitor such critical administrative accounts that control such systems. Alarms and logs for critical infrastructure systems should be reviewed and attended to constantly, and if such a hack or changes in set tolerances were to occur, a root cause analysis is imperative to mitigate such an event from happening in the future.”

Kevin Dunne, president at integrated risk management solutions company Greenlight Technologies Inc., noted the COVID-19 pandemic has forced many organizations to adopt remote-access capabilities sooner than they had planned.

“Many organizations have previously felt protected by traditional perimeter security such as firewalls and VPNs,” Dunne said. “However, the new shift to work from anywhere has reduced the efficacy of many of these methods and even rendered some of them useless. Now, more than ever, the most effective way to secure remote access is to secure and monitor identity and access to know exactly who is accessing critical systems and what they are doing with that access.”
