Hackers gained access to control systems of a water treatment system in Florida and attempted to poison the drinking water supply, a U.S. government alert stated.
The attackers exploited trivial security weaknesses such as poor password security, desktop sharing software, or deprecated operating systems to gain unauthorized access to the SCADA system.
Attackers used the system to increase the level of sodium hydroxide, also known as lye, a caustic chemical, according to the US Cybersecurity and Infrastructure Security Agency (CISA) alert.
The attempted 11,000% increase of sodium hydroxide in the drinking water supply would have endangered the health of nearby communities.
U.S. Senator Marco Rubio (R-FL) said in a tweet he would ask the FBI to “provide all assistance necessary in investigating an attempt to poison the water supply of a Florida city. This should be treated as a matter of national security.”
This incident has sparked discussion among risk professionals and placed vulnerabilities to U.S. critical infrastructure in the spotlight.