OLDSMAR, Fla. — Pinellas County detectives are investigating a computer software intrusion at Oldsmar’s Water Treatment Plant, and say the intruder briefly attempted to change the chemical makeup of the water supply.
The Pinellas County Sheriff’s Office said that on Feb. 5, deputies were notified by the city of Oldsmar that their computer system had been remotely accessed by an unknown person.
“Water systems, like other public utilities systems, are part of the nation’s critical infrastructure and can be vulnerable targets when someone desires to adversely affect public safety,” Sheriff Bob Gualtieri said.
Detectives said the Oldsmar computer system at the water treatment plant allows for remote access by authorized users to troubleshoot any problems from other locations.
The initial intrusion at 8 a.m. local time was brief and did not have a cause for concern. However, at 1:30 p.m., a plant operator saw a second remote access user opening different functions in the system that controls the amount of sodium hydroxide in the water.
The sheriff’s office said the operator noted the remote access user raised the levels of sodium hydroxide in the water, from around 100ppm to 11,100ppm The operator immediately reduced the levels to the appropriate amount.
“This is obviously a significant and potentially dangerous increase sodium hydroxide also known as lye is the main ingredient in drain cleaners. It’s also used to control water acidity and remove metals from drinking water,” the sheriff said.
The initial investigation states the hacker remotely accessed the treatment plant’s computer for about three to five minutes.
“At no time was there a significant effect on the water being treated, and more importantly the public was never in danger,” Gualtieri said.
The sheriff’s office said the FBI and Secret Service are assisting with the investigation.
“We don’t know right now whether the breach originated from within the United States or outside the country. We also do not know why the Oldsmar system was targeted and we have no knowledge of any other systems being unlawfully accessed,” Gualtieri said.
However, the sheriff said they’re asking other governments in the Tampa Bay area with critical infrastructure components to review their computer security protocols and make any necessary upgrades.
“I would say this isn’t something specific to a water treatment plant, it’s specific to a network, it’s specific to the remote capability for anyone in any industry to have confidential information and remote access to a system particularly breached,” said Ian Marlow, the CEO of FitechGelb, a cybersecurity company.
Oldsmar’s city manager said they’ve disabled the program that enabled the hacking to happen and are looking at upgrades to other parts of their system. They also noted if the operator hadn’t caught the change, other steps in the system would have.
“I will be asking the @FBI to provide all assistance necessary in investigating an attempt to poison the water supply of a #Florida city. This should be treated as a matter of national security,” Sen. Marco Rubio, R-Florida, tweeted.
The investigation is ongoing.
This story was originally published by Lisette Lopez on WFTS in Tampa, Florida.