You might have heard the story about hackers remotely breaching a Florida water treatment plant to try to alter water chemical levels in a move that could have poisoned thousands of residents.
Senate Intelligence Committee Chair Mark R. Warner wants to know what’s up.
“The security and integrity of our critical infrastructure is of utmost importance. The Cybersecurity & Infrastructure Security Agency (CISA) states that 80% of the United States receives potable water from approximately 153,000 public drinking water systems, and any type of attack, including a cyber attack, could result in ‘illnesses or casualties and/or a denial of service that would also impact public health and economic vitality,’” Sen. Warner werote in a letter to the assistant director of the FBI and the acting assistant administrator at the EPA.
“This incident has implications beyond the 15,000-person town of Oldsmar. While the Oldsmar water treatment facility incident was detected with sufficient time to mitigate serious risks to the citizens of Oldsmar, and appears to have been identified as the result of a diligent employee monitoring this facility’s operations, future compromises of this nature may not be detected in time.
“The Federal Government must ensure we are taking all precautions to keep drinking water safe for Americans. Designated as one of the 16 infrastructure sectors critical to national security under the Presidential Policy Directive 21 (PPD-21), we must protect water facilities from cyber and other compromises.”
The context: a water treatment facility in Oldsmar, Fla., was accessed remotely on Feb. 5 by hackers, who increased sodium hydroxide levels from 100 parts per million to 11,100 parts per million, a dangerous amount that could have sickened town residents, had the attack gone unnoticed by a plant employee.
In his letter, Sen. Warner requested a progress update on the FBI’s investigation into this incident. He also asked for an EPA review into whether the Oldsmar water treatment facility was compliant with the most recent Water and Wastewater Sector-Specific Plan, and whether that plan needs to be updated to confront similar risks.
Warner also inquired about any plans to share timely threat information related to this incident with water and wastewater facilities, and other critical infrastructure providers.
A copy of the letter can be found here.