Water resources are critical to all life on Earth, the proper treatment, composition and supply of this resource must be closely monitored to prevent harm. This also makes it a prime target from the ill-intentioned, who may seek to critically affect countries. Cyber-attacks in water treatment plants are not a new threat, but they have become prevalent in recent years. Numerous attacks have been made on water systems worldwide and have forced a lot of people to be aware of this danger because public health is connected to systems that have cyber security vulnerabilities.
A recent attack occurred in a water treatment plant in Oldsmar, Florida on the 5th of May 2021. A hacker gained entry to the plant’s operator station through an exposed TeamViewer application. The operator noticed his cursor moving on the screen but not before the hacker increased the levels of Sodium Hydroxide in process. The attempt was thwarted by the operator who was able to reverse the change to the settings, before the toxic levels of the chemical reached the water.
This incident is not isolated, more attacks have occurred in various forms through the years:
2013 – Bowman Avenue Dam was hacked by members of Iran’s Islamic Revolutionary Guards Corps through a cellular modem and prevented water from being released.
2016 – Hacker group gained access to SCADA systems at an unnamed treatment plant where they changed the levels of chemicals used and accessed sensitive customer information
2016 – Hacker group gained access to SCADA systems at an unnamed treatment plant where they changed the levels of chemicals used and accessed sensitive customer information.
Cyber-attacks are the new modern warfare and companies can no longer afford to have any variabilities in their systems. Water Treatment Plants in particular, need to proactively get their facilities assessed for vulnerabilities and work towards eliminating them.