A water-treatment plant in Oldsmar, Fla., was hacked, and the intruder briefly increased the amount of lye used to treat water to a dangerous level, authorities said Monday.
A plant operator noticed the alteration Friday and immediately reversed it, avoiding adverse effects on the city’s water supply. But the breach highlights the exposure of utilities to cyberattacks.
“Water systems, like other public utility systems, are part of the nation’s critical infrastructure and can be vulnerable targets when someone desires to adversely affect public safety,” said Pinellas County Sheriff Bob Gualtieri at a news conference Monday about the incident.
The hacking began on Friday morning at the plant in Oldsmar, a city of about 15,000 people in the Tampa Bay area, Sheriff Gualtieri said. Around 8 a.m., a plant operator noticed that someone remotely accessed a computer system he was monitoring that controls chemicals used to treat water as well as other functions. The computer system has a software program that allows authorized users to access it remotely.
The intruder got into the utility’s industrial control-system through TeamViewer , a tool that allows engineers to monitor and repair computers and network machines, Sheriff Gualtieri said in an interview. Though the utility had switched to a different tool six months ago, he said, the TeamViewer program remained in place but unused, providing the door through which the intruder entered and gained full access to the system.