Force Flow Scales

Hacker dangerously raises sodium hydroxide levels at Florida water plant


Digital forensics experts in Florida’s Pinellas County are investigating a software hack of the City of Oldsmar’s water treatment plant computer system.

On February 5, an operator at the treatment plant, which serves some 15,000 people, witnessed two attempts to breach the plant’s software. During the second remote access, the hacker significantly raised the levels of sodium hydroxide in the facility’s water, local officials said.

The plant’s sodium hydroxide was originally set at 100 ppm to control the water’s pH levels and prevent pipe corrosion, but the hacker tried to boost those levels to 11,100 ppm. The operator immediately reversed the effort, a press conference revealed.

Had the hack gone undetected, the spiked sodium hydroxide levels, or lye, could have caused skin damage or very severe gastrointestinal symptoms. It can even be deadly if ingested in large amounts.

Subscribe to our Newsletter!

The latest environmental engineering news direct to your inbox. You can unsubscribe at any time.

The plant operator noticed the unusual remote access to the system even though his supervisors would regularly take over his screen to make necessary adjustments or troubleshoot, explained Pinellas County Sheriff Bob Gualtieri, who noted that the hacker was in the system for three to five minutes.

Had the plant operator not noticed the hack, Sheriff Gualtieri said it could have taken between 24 to 36 hours before the new sodium hydroxide levels entered the system.

The plant’s remote access system was altered as soon as possible to prevent further hacks, said Gualtieri.

“Because of this security breach we are asking that all governmental entities within the Tampa Bay area with critical infrastructure components actively review their computer security protocols and make any necessary updates that are consistent with the most up-to-date practices,” Gualtieri told a news conference.

While law enforcement officials do have some leads in the hacking investigation, no suspect or motive has yet been identified. The County Sheriff’s office has started a criminal investigation along with the FBI and the Secret Service, Gualtieri said.


Please enter your comment!
Please enter your name here