A top senator on Wednesday asked for details about the probe into the hacking of a Florida water plant.
Warner wants to be informed of the progress of the FBI’s probe into the incident and that the Environmental Protection Agency review whether the facility that was hacked in is compliance with the most recent Water and Wastewater Sector-Specific Plan. He also requested confirmation that the U.S. government is sharing timely threat information related to the incident with other water and wastewater facilities.
“The federal government must ensure we are taking all precautions to keep drinking water safe for Americans. Designated as one of the 16 infrastructure sectors critical to national security under the Presidential Policy Directive 21 (PPD-21), we must protect water facilities from cyber and other compromises,” he added.
Hackers remotely breached the water treatment facility in Florida on Feb. 5. They upped sodium hydroxide levels from 100 parts per million to 11,100 parts per million. Sodium hydroxide is also known as lye.
“This is obviously a significant and potentially dangerous increase,” Pinellas County Sheriff Bob Gualtieri told reporters at a press conference.
A plant operator noticed what was happening and the situation was fixed before it could affect residents.
“Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system, although this cannot be confirmed at present date,” the agency said, adding that continuing to use any operating system beyond its end of life status could provide an entry point for cyber criminals.
Experts recommended plants install independent cyber-physical safety systems and update to the latest version of an operating system while utilizing multiple-factor authentication and using strong passwords.