Security gaps in operational tech exposed with hacker attempt to poison Florida city water

From scmagazine.com

A malicious hacker’s attempted poisoning of the Oldsmar, Florida water supply serves as a stark reminder of the potentially devastating consequences that can result from operating vulnerable and unsecured industrial controls in a critical infrastructure environment.

Oldsmar and Pinellas County, Fla. officials today revealed that an unknown individual last Friday morning hijacked a remote access system used by employees at the city’s water treatment plant. The hacker attempted to increase the amount of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million. Sodium hydroxide, which is found in drain cleaners and is commonly known as lye, is used to reduce the acidity of water and make it more potable – but too much of it makes the water caustic and potentially deadly.

Read more…