Late on Monday night, reports emerged of an attempted attack on a city in Floridas water supply. It is the latest in an increasing number of attacks on critical national infrastructure across the globe. Here at Siker Cyber, we specialise in working with organisations and governments, training their teams on how to identify and mitigate some of the circumstances that can lead to such attacks, this latest attempt demonstrates the significant risks that bad actors can pose. 

Reports in Florida detailed how an (unknown at the time of writing) hacker gained access to the city of Oldsmars water system. On Friday morning the hacker(s) remotely accessed a computer controlling the citys water supply. An Oldsmar water plant operator noticed the attempt to access the computer but assumed it was his supervisor. 

Later on, Friday afternoon, the hacker increased the amount of sodium hydroxide in the citys water treatment system for a brief period of time, before a worker noticed the change and fixed the issue. Sodium hydroxide is commonly found in liquid drain cleaner and ingestion of the chemical could lead to severe illness. 

Stuart Harwood, Sikers Global Assessments Lead says that: We are now hearing more details about the Florida – Oldsmar hack on Fridaythe reports we have seen are that the adversaries have used a version of TeamViewer to gain access to an element of the ICS system

Once in the system the adversaries have adjusted the sodium hydroxide to a dangerous levelThis action was reportedly only caught because an operator has observed the sodium hydroxide levels being manipulated live on screen 

We fully recommend that a software asset list is created for all critical systems and kept up to date on a regular basisThis may add a lot of overhead to operator workload but is necessary when talking about security in this mannerWe also would recommend that operators do not download and use connectivity software in the manner on critical systemsThere are other methods for achieving remote access on ICS systemsif you would like to talk about methods to achieve thisplease do not hesitate to contact us.” 

As with the Florida attack, it is often workers on the front line of a country, state, or citys infrastructure system who are best placed to notice such an incident. Additionally, these employees are most likely to inadvertently leave an infrastructure system open to attack. 

With incidents similar to Fridays attack in Florida on the rise, organisations involved in managing critical national infrastructure must ensure their workforce are aware of the security risks posed by outdated systems and poor practice. Often, its small and seemingly inconsequential oversights, such as a plant worker assuming a remote access attempt had been made by a supervisor, that can lead to the escalation of an attack.  

We offer a series of courses and workshops along with diagnostics, advisory, and assurance services to mitigate the likelihood of such an attack. For more information, get in touch with us via our website at