By Peter Chawaga
In the latest shocking breach of critical drinking water infrastructure in the U.S., a hacker was able to access a Bay Area drinking water system’s digital network and attempted to alter effluent quality.
“The hacker obtained a former employee’s TeamViewer credentials to log on and delete programs to treat drinking water, according to the Northern California Regional Intelligence Center,” Fox Business reported. “The Jan. 15 hack was discovered the next day and there were no failures as a result of the breach.”
Though the hack took place months ago, it was only recently publicly disclosed via an NBC News report. And though no harm was done, it appears to have been a remarkably close call.
“On Jan. 15, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. It didn’t seem hard,” as NBC News put it.
It was not immediately clear what motivated the hacker or hackers or how they managed access to the TeamViewer accounts. Following the public revelation of the attack, the case was still under FBI investigation.
This was just one alarming cybersecurity breach in what appears to be a growing trend for drinking water treatment operations. A similar attack occurred soon afterward in Oldsmar, Florida, in which a hacker was able to raise the levels of lye in drinking water to poisonous levels before an employee caught them and fixed the issue.
The Biden administration seems intent on curbing the cyber threat to drinking water utilities, as well as other critical infrastructure in the country, recently vowing to improve cybersecurity in the water sector and others. But the challenge is significant.
“Of all the country’s critical infrastructure, water might be the most vulnerable to hackers: the hardest in which to guarantee everyone follows basic cybersecurity steps, and the easiest in which to cause major, real-world harm to large numbers of people,” per NBC News. “Whether hacks on water plants have recently become more common or just more visible is impossible to tell, because there is no comprehensive federal or industry accounting of water treatment plants’ security.”
Without major changes to drinking water vulnerabilities soon, it seems that this will just be another example in what could be a growing trend.
To read more about how drinking water treatment operations protect themselves from hacks, visit Water Online’s Resiliency Solutions Center.