Montgomery and Ravich: A cyber threat to water supplies

Jan 7, 2022

It’s rare that four government agencies issue a joint advisory on a potential threat to the basic health and welfare of the entire U.S. population. But that’s what happened in October when the FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency and Environmental Protection Agency warned that U.S. water and wastewater systems are being targeted by “known and unknown” malicious actors.


Their warning is not a theoretical one. In February, a hacker or hackers breached the water-treatment system in Oldsmar, Florida, and attempted to raise the level of sodium hydroxide, or lye, in the water more than 100-fold — from 100 parts per million to 11,100 parts per million. Sodium hydroxide, used to control water acidity, is poisonous at high levels.

Though an alert employee noticed his computer mouse cursor moving on its own, reset the sodium hydroxide levels and alerted his supervisor, the danger was real. As Sen. Marco Rubio, R-Florida, said at the time, water-system cybersecurity is “a matter of national security.”

Back To Top