Hacker tried to poison Oldsmar water system, sheriff says
OLDSMAR, Fla. - Investigators say someone took over a computer that controls the city of Oldsmar’s water system and tried to poison the water supply. The FBI, Secret Service and Pinellas deputies are now looking into the case.
Sheriff Bob Gualtieri says someone first hacked the system around 8 a.m. Friday. The plant operator at first didn’t think anything of it at the time because his supervisors use remote access to get into the system all the time.
But when it happened again later that afternoon, the operator noticed the hacker pushed the sodium hydroxide mixture to a toxic level -- from 100 ppm to 11,100 ppm.
That operator immediately pushed the level of that chemical, also known as lye, back down.
"The protocols we have in place, the monitoring protocols worked. That’s the good news," said the mayor of Oldsmar, Eric Seidel.
"This is somebody who is trying, at least it appears, to do something bad. It’s a bad actor," Gualtieri offered. "Very fortunately, the operator saw it and immediately reduced it."
Oldsmar’s system serves roughly 15,000 customers.
Sodium hydroxide occurs naturally in water at very low levels. It's typically added to water for corrosion control purposes at rates between 1 and 40 ppm.
"It’s not just an accident when you are taking it from 100 to 11,100 parts per million. It’s potentially serious," Sheriff Gualtieri pointed out. "If you put that amount of that substance in the drinking water, that’s not a good thing."
The right amount of sodium hydroxide keeps acid at safe levels.
University of South Florida civil engineering professor Dr. Katherine Alfredo says lye in the water supply would likely be more of a threat to skin than be potentially deadly.
Still, she says the episode shows how resources for all of our public utilities are stretched thin.
"Meeting high-quality standards of water, on a day to day basis and then also trying to find money to improve treatment, improve water, lower their rates, not increase the rates, but then also increase their cybersecurity," she explained.
Sen. Marco Rubio tweeted he's considering this a breach of national security.
While the FBI tracks down leads on a suspect, cyber expert Dr. Eric Cole says it's not likely this was done by an agent of another government.
"A lot of this is more just an annoyance," said Cole. "But it is a good wake-up call because if it can happen to a local municipality, it can happen to a larger grid across the country."
The system in Oldsmar was connected to the internet to allow for legitimate fix-it crews to make adjustments remotely.
That feature has since been turned off.
"We have been warning people for a long time," said Cole. "Unfortunately, until you have major issues, nobody is going to take this seriously."
The sheriff says the public was never in any danger because there are other alarms in place, but he’s asking all utilities and municipal services in the Tampa Bay area to review their security protocols.