Thursday, February 11, 2021

Glug glug glug

Our newspaper delivery person gets here when she doggone well gets around to it, we get mail maybe every other day if we're lucky (my December 14, 2020 New Yorker magazine arrived on January 22, 2021) and we have half a nation getting news from a former crackhead pillow salesman, but we still can count on a nice refreshing drink of cold clean water right out of the tap, can't we?

Maybe in most places, but have you heard about Oldsmar, Florida? That's where a hacker with plenty of time and lotion on his hands was actually able to hack into the water treatment plant. He tried to raise the amount of sodium hydroxide in the town's water from 100 parts per million to 11,100 parts per million.

Sodium hydroxide is also known as LYE. It's used to reduce acidity in water, but it's also found in soap and drain cleaner, so you really don't want to make your tea with it. Obviously it's bad for you; it can cause irritation, burns and other complications.


Oldsmar is about 15 miles northwest of Tampa and because of that alert supervisor, the city’s 15,000 residents were not at risk.

Pinellas County Sheriff Bob Gualtieri told a news conference Monday that the supervisor noticed the intrusion into the computer system and was able to stop the hack before a drop of water was poisoned. “At no time was there a significant adverse effect on the water being treated,” Gualtieri said. “Importantly, the public was never in danger.”


I guess it's important to have remote access to the computer that runs the water treatment system.  The town has disabled that system and they say there were other safeguards in place to stop someone from messing things up, but you know...

Tarah Wheeler is a Cybersecurity Fellow at the Harvard Kennedy School Belfer Center, and she wisely points out that it would be good for every city and town to make sure no one without authorization can befoul municipal water.

“The systems administrators in charge of major civilian infrastructure like a water treatment facility should be securing that plant like they’re securing the water in their own kitchens,” Wheeler said.  “Sometimes when people set up local networks, they don’t understand the danger of an improperly configured and secured series of internet-connected devices. It is not necessarily wrong or insecure to set up a system for remote access and monitoring.”

We like to think that it would take many complex steps to prevent someone from adjusting the amount of poison in our water. I mean, unless you have your own reservoir or something.




No comments: