Senate Intel leader demands answers on Florida water treatment center breach

Senate Intelligence Committee Chairman Mark Warner (D-Va.) on Wednesday demanded answers about the investigation into the recent attempt by a hacker to breach and poison the water supply in a Florida city.

Warner sent a letter to the FBI and the Environmental Protection Agency (EPA) asking for an update on their investigation into the breach of Oldsmar, Fla.’s water treatment facility, which officials announced earlier this month. 

A hacker successfully breached a system network and attempted to increase the level of sodium hydroxide, also known as lye, in the water to dangerous levels. Lye is used to control water acidity levels and remove metals, and is also used in other settings as a liquid drain cleaner.

The hacking effort was not successful, with an employee immediately correcting the level of sodium hydroxide to normal levels, and the 15,000 residents of Oldsmar were never in danger. Following the incident, the FBI and other state and federal agencies opened an investigation. 

Warner pointed to the dangerous hacking incident as having wider implications beyond Florida.

“While the Oldsmar water treatment facility incident was detected with sufficient time to mitigate serious risks to the citizens of Oldsmar, and appears to have been identified as the result of a diligent employee monitoring this facility’s operations, future compromises of this nature may not be detected in time,” Warner wrote to the agencies. 

Warner asked that the FBI update him on its investigation, that the EPA provide answers on whether the Oldsmar water treatment facility was up to date with federal security plans for the water and wastewater sector, and whether the federal government is sharing security intelligence with critical infrastructure providers so they can defend themselves. 

“The Federal Government must ensure we are taking all precautions to keep drinking water safe for Americans,” Warner wrote. 

The FBI, EPA, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center put out an alert last week addressing the incident, warning critical infrastructure operators against using desktop-sharing software that may create more cyber vulnerabilities.