Wednesday, 24 February 2021 22:52

Reflections on the recent Florida water 'hack'

Reflections on the recent Florida water 'hack' Image by Mohamed Hassan from Pixabay

This has been something of a beat-up.

Surely everyone has been made aware of the recent 'hacker intrusion' at the Oldsmar, Florida water treatment facility. As some background, this is a small plant that sources water from a bore field and delivers potable water to around 15,000 households (and presumably some businesses as well, based on a cursory inspection on a mapping site).

Here's the basic scenario.

Early on the morning of Friday February 5th, the plant operator was watching the system management screen and noticed the mouse move - it wasn't him. Nothing else happened. Later that morning, they again saw the mouse move, and this time, the cursor was placed in the NaOH (Sodium Hydroxide) field and the one key was pressed twice at the front of the field.

The local Sherriff, Mayor and City Manager held a press conference where they insisted that the act was caught quickly and since the 'pipeline' from adding Sodium Hydroxide to the water to it reaching homes was at least a couple of days, and there were multiple testing points along that path, the public was never in danger.

Having worked in industrial control systems for around 13 years, MUCH of this reads like a beat-up to me.

It has been widely reported that the intruder made use of a TeamViewer client running on the control computer so that plant managers could check the status from outside the building (perhaps from home, who knows). This is stupid! Do they not trust the operators? Further, most SCADA (Supervisory Control And Data Acquisition) systems permit the configuration of read-only clients that will display system status, but cannot accept modifications. If all else fails, point a webcam at the screen and have the managers connect to that!

Having read widely on this topic and been privy to some 'off-the-record' discussions amongst SCADA security experts, here's what I can glean.

It seems that the TeamViewer access details had been posted on a 'compromised credentials' web site only a few days earlier and (I haven't checked but) I expect the site to also appear in the SHODAN database.

In most SCADA-based systems, key variables would be configured with range limits that the system would not be able to exceed. This is entirely normal practice when configuring a SCADA client.

As I see it, the intruder was probably little more than a 'script kiddie' who once gaining access, put the cursor in the NaOH field and bashed the '1' key a couple of times to see if he had read/write access. If he'd pressed 'enter' the change would almost certainly not have been written to the control system.

Note that (as mentioned in the preamble) this treatment plant draws its source water from a bore field, where the chemistry barely changes over a weeks-long timeframe - they could have shut the SCADA system down and allowed the PLCs etc to run with current value for weeks on end with no ill-effect to the quality of the water distributed to residents.

Overall, I'm not hugely bothered by this incident and I rather suspect it has been beaten up into something more than it needed to be to create a salutary lesson to other operators.

Your mileage may vary, of course.

Read 3374 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Hybrid cloud promises to bring together the best of both worlds enabling businesses to combine the scalability and cost-effectiveness of the cloud with the performance and control that you can get from your on-premise infrastructure.

Reducing WAN latency is one of the biggest issues with hybrid cloud performance. Taking advantage of compression and data deduplication can reduce your network latency.

Research firm, Markets and Markets, predicted that the hybrid cloud market size is expected to grow from US$38.27 billion in 2017 to US$97.64 billion by 2023.

Colocation facilities provide many of the benefits of having your servers in the cloud while still maintaining physical control of your systems.

Cloud adjacency provided by colocation facilities can enable you to leverage their low latency high bandwidth connections to the cloud as well as providing a solid connection back to your on-premises corporate network.

Download this white paper to find out what you need to know about enabling the hybrid cloud in your organisation.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

More in this category: « How 'smart' is my country
Share News tips for the iTWire Journalists? Your tip will be anonymous