Police and FBI are currently investigating a recent breach to the Oldsmar, Florida water treatment facility system. According to news reports, someone hacked into the the water treatment computer system and attempted to change the amount of sodium hydroxide in the water from 100 parts-per-million to 11,100 parts-per-millions, a potentially dangerous increase. News sources report that sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners.
The plant operator at the Water Treatment System noticed remote access activity on the computer system, but wasn’t particularly concerned because supervisors “regularly” access the computers remotely to monitor the system. The plant operator noticed the increase in sodium hydroxide and immediately reduced the level back to the appropriate amount.
While the news reports that residents were never in danger because it would have taken the affected water 24 to 36 hours to reach the Oldsmar public, this is very unsettling and needs to be remediated immediately for all water treatment facilities. While it was reported that Oldsmar’s water system is no longer capable of being accessed remotely, it is extremely important that water districts implement an appropriate level of cybersecurity protection for its computer systems.
One such cybersecurity layer of protection is multi-factor authentication. Multi-Factor Authentication requires users to provide more than one factor of identity by automatically generating single use passwords to identify authorized users for access to systems. This provides a much higher level of trust that only authorized users can gain access to your systems. Had the water treatment center had this protection in place, it is extremely unlikely that the hacker could gain access into the system.
Contact Total at 631-777-7477 or email@example.com to find out more about our cybersecurity solutions and how we can help provide cybersecurity protection for your IT infrastructure.