In Florida, a near-miss with a cybersecurity worst-case scenario

I worry that this might just be a practise run for a mass attack. I hope other users of the same system have been notified and advised on mitigation of the threat…:

A hacker broke into a Florida water treatment plant and ordered it to increase the amount of lye in the water to extremely dangerous levels, officials said Monday.

The plant operators noticed and remedied their systems before anyone was put in danger, but the event highlights the risks of internet-connected controls to civic infrastructure.

In a news conference Monday, Pinellas County Sheriff Bob Gualtieri said that on Friday morning an unknown hacker broke into a program designed to help water treatment operators in Oldsmar troubleshoot problems with the computerized parts of their treatment systems. The program is intended to give full, remote access to a plant computer, but only by authorized users.

Later that afternoon, the system was breached again. A hacker, who authorities believe to be the same one from the initial breach, took control of the computer and changed the acceptable level of sodium hydroxide — better known as lye, the main ingredient in many household drain cleaners — from 100 parts per million to 11,100 parts per million.

A water plant operator noticed immediately and corrected the change, Gualtieri said, adding that if the operator had missed it and the change didn’t trigger some of the plant’s alarms, the lye could have seeped into the water supply in 24 to 36 hours.

[…]

Original article