OLDSMAR, Fla. — Nearly one year after hackers attacked the water system in the city of Oldsmar, the Biden Administration is pledging support to boost the security of water facilities.
On Thursday, the administration announced it will extend the Industrial Control Systems (ICS) Cybersecurity Initiative to the water sector.
As part of the plan, water facilities will share more information about cyber threats as well as boost the cybersecurity of operating systems. For now, this pilot program is voluntary.
Eric Kron is a Tampa-based cyber security expert who teaches IT and security professionals how to protect their systems from online threats. He sees the Biden Administration's plan as a positive, yet overdue step.
Reflecting on the Oldsmar hacking incident, Kron says, "When I first heard about that, I thought, 'This could have really gone badly!' It's still pretty scary that this sort of thing can happen right in our backyard."
On Feb. 5, 2021, a hacker gained access to the Oldsmar water treatment facility and bumped the sodium hydroxide or lye in the water to more than 100 times the normal level.
An operator noticed the intrusion and immediately re-set the chemical balance.
The Pinellas County Sheriff's office, the FBI and U.S. Secret Service investigated the breach and said it was unclear if it came from within the U.S. or from a foreign actor.
Of course, the city of Oldsmar reported the attack, but Kron says that doesn't always happen.
"I have no doubt that this sort of thing happens quite often, but we never hear about it," Kron commended the city for making the hack public. "I think it’s very important rather than covering it up. And part of the new Biden plan is promoting the sharing of things like this. That way others can protect themselves when things like this happen."
Kron says our critical infrastructure sites - water treatment facilities, power systems, natural gas - are not only "hot targets" for these attacks, but they may also be particularly vulnerable.
"A lot of the time they're short-staffed; they don't have a budget for expertise. And let's be honest, cyber security expertise is expensive these days."
But the time is now, as this White House plan rolls out, these cyber threats are only ramping up.
"This is not going away and the more that we rely on computerized systems, and the more we have computerized data out there, the more valuable this is going to be to attackers," Kron says.