This could have gone very badly.
According to local law enforcement, a hacker remotely accessed a computer system at Oldsmar, Florida’s water treatment plant and attempted to increase the amount of sodium hydroxide 100 fold, the Tampa Bay Times reports — a chilling sign of how cybercrime can endanger lives in the real world.
Sodium hydroxide, more commonly known as lye, is a corrosive compound used in small amounts to control the acidity of water. In high and undiluted concentrations, it can be lethal.
Both local and federal authorities are now investigating after Pinellas County Sheriff Bob Gualtieri announced the attack today.
“I’m not a chemist,” Gualtieri said at a news conference, according to the newspaper. “But I can tell you what I do know is… if you put that amount of that substance into the drinking water, it’s not a good thing.”
Lye to Me
Luckily, the hack did not actually end up altering the water supply of the city, which has a population of about 15,000.
“At no time was there a significant adverse effect on the water being treated,” Gualtieri said at the event, as quoted by the Times. “Importantly, the public was never in danger.”
Plant operators first noticed somebody was accessing the plant’s system remotely last week, according to the paper, which wasn’t deemed unusual as the system is routinely accessed remotely.
The system was then accessed remotely again later the same day, prompting the intervention. The system is now shut off from any remote access, officials said at the press conference.
Still, the episode highlights how vulnerable the connected systems at critical facilities can be. And that should be a wakeup call for the need for cybersecurity.
READ MORE: Someone tried to poison Oldsmar’s water supply during hack, sheriff says [Tampa Bay Times]
More on hacking: A Hacker Reportedly Gained Access to Tesla’s Entire Fleet