The Florida Water Supply Hack Demonstrates Our Vulnerability to Cyberattacks

(Psst: The FTC wants me to remind you that this website contains affiliate links. That means if you make a purchase from a link you click on, I might receive a small commission. This does not increase the price you'll pay for that item nor does it decrease the awesomeness of the item. ~ Daisy)

A seemingly innocuous story coming out of Oldsmar, Florida may have greater implications for the rest of the country and a potential preview of a coming SHFT scenario. This is because a hacker was able to successfully alter the levels of chemicals in Oldsmar’s water supply to “potentially damaging” levels.

While nobody got hurt and authorities assure us that there was no danger to customers, this event clearly demonstrates exactly how vulnerable our infrastructure is to a cyberattack. This event comes on the heels of a massive cyberattack last December for which a culprit was never identified.

A hacker increased an ingredient in drain cleaner to dangerous levels.

Pinellas County Sheriff Bob Gualteri said that a plant operator at Oldsmar’s water treatment facility first noticed that someone had remotely accessed the computer system he was monitoring. Those computers allow for remote access to selected people so that maintenance and troubleshooting can take place remotely. This is why the operator didn’t think much about the incident at first.

But it happened again that afternoon and the operator could then see the mouse moving on the screen opening different functions that controlled the treatment of the water in the system.

Gualtieri stated that the hacker was able to increase the sodium hydroxide levels in the city’s water from 100 parts per million to 11,000 parts per million.

“This is obviously a significant and potentially dangerous increase,” Gualtieri said. “Sodium hydroxide is the main ingredient in liquid drain cleaners. It’s also used to control water acidity and remove metals from drinking water in the water treatment plants.”

Gualtieri stated that the hacker exited the system after increasing the sodium hydroxide levels and the operator was immediately able to stabilize the levels and reduce the amount of sodium hydroxide.

Authorities say the public was never at risk.

“The public was never in danger,” Gualtieri said. “Even if the plant operator had not quickly reversed the increased amount of sodium hydroxide, it would’ve taken between 24 and 36 hours for that water to hit the water supply system.”

The Sheriff attempted to reassure the public by saying there are “redundancies in place” where the water would be checked before being released and consumed by the public.

Currently, law enforcement does not have a suspect but claims they do have a few leads.

Our infrastructure is incredibly vulnerable.

While the motivation behind the recent hacking of Oldsmar’s water supply may be unknown currently, it shines a light on the fact that America’s infrastructure is vulnerable to potential terror attacks, sabotage, or false flag operations.

According to a 2003 report from the US General Accounting Office, US water systems are at risk for disruption via human and malevolent means. As NTI reported,

A national panel of experts has warned that several components of U.S. drinking water systems are vulnerable to terrorist attacks, according to a U.S. General Accounting Office report released yesterday (see GSN, Aug. 4).

In its report, the GAO warned that U.S. drinking water systems could be the target of several types of terrorist attacks, including attacks using biological and chemical agents. To help water utilities better defend against acts of terrorism, Congress has allocated more than $100 million through fiscal 2004 to conduct vulnerability assessments and to develop security response plans.

A panel of 43 national experts convened by the GAO found that several “key physical assets” of drinking water systems were especially vulnerable to terrorist attacks. One of the components most cited by experts, the report says, was the distribution system — the network of pipes that carry water supplies from treatment plants and storage facilities to individual homes. The distribution system was seen as being especially exposed because of numerous accessibility points and because the addition of a biological, chemical or radiological agent could go undetected until it was too late because water at that point is close to being transferred to consumers, the report says.

In addition to distribution systems, experts also listed source water supplies and utility computer systems as also being susceptible to attack, the report says. It notes, however, that some experts said that source water supplies may be less vulnerable to acts of contamination because of the large amounts of water involved and because the water is treated before being transferred to consumers. Another water system component cited by some experts as a possible terrorist target is the treatment chemicals used at facilities, such as chloride, according to the report.

Although the water supply hacking event and the amount of water that would have been tainted would have been very small compared to that of the entire nation, the effects would still have been dramatic on the affected area as well as the surrounding areas.

It underlines the importance of testing your drinking water.

This hacking does, however, bring to mind the mysterious “sniper attacks” against California’s power grid and similar attacks that took place in Utah. Accidental chemical spills and algae bloom have also tainted water supplies over the years, not to mention the Flint, Michigan scandal.

Events like this underline the importance of testing your own drinking water regularly. (Here’s how.) For more information on water preparedness, check out this guide.

Few people outside the prepper and survival niches understand just how drastically their lives will change without the comforts of electricity or clean water that most take for granted, at least in this country.

It has been said before that the difference between civilization and chaos is the flip of a light switch. In 2021, that is still true, though it may be the push of a button.

What do you think about this event?

Do you believe this was an isolated incident? Or do you think it was something more insidious, like a test run for a larger and more serious attack? Will you make any changes to ensure that your personal water supply remains safe? Let’s talk about it in the comments.

About Robert

Robert Wheeler has been quietly researching world events for two decades. After witnessing the global network of NGOs and several ‘Revolutions’ they engineered in a number of different countries, Wheeler began analyzing current events through these lenses.

Picture of Robert Wheeler

Robert Wheeler

Robert Wheeler has been quietly researching world events for two decades. After witnessing the global network of NGOs and several 'Revolutions' they engineered in a number of different countries, Wheeler began analyzing current events through these lenses.

Leave a Reply

  • Simple solution.
    Get ALL utilities OFF the INTERNET.
    What foolish individual, just to save a buck, would use the INTERNET to control vital assets.
    Put them on private lines like we did BEFORE to Inet was popular.
    THINK before you ACT.

    • “What foolish individual, just to save a buck, would use the INTERNET to control vital assets.”

      because their supervisors told them to do so.

      because the bosses told the supervisors to do so.

      because the owners told the bosses to do so.

      because the owners’ tribe has a long term plan that requires it.

      • gman: Precisely. The internet was designed to create anonymity when convenient for “certain” users, causing not only the terrible divisiveness and open hatred we see on SM but the ability for hackers to render destruction.

  • Almost all utilities use SCADA systems, which are industrial control applications that were originally developed decades ago, before the internet, and coordinate all sub-systems. They are notorious for being hackable. Think water delivery systems, electric grid, sewage treatment plants, dams, irrigation systems associated with rivers, power plants, etc…

  • A friend of mine stated that they were using an old outdated Microsoft Windows and that’s why but I reminded him that the pentagon and every fed agency got hacked recently too.
    Anything hooked to an outside line on a computer is vulnerable.
    The water system is vulnerable too. How many “boil orders” have we seen due to improper treatment because of ineptitude, laziness or cutting cost corners?
    Often physical threats from nut jobs exist too. They get mad at the townspeople and attempt to poison the water supply.

    Take nothing for granted and have backup plans

    • Yep Windows XP, which hasn’t had updates in HOW LONG?
      At least I know that my water can’t be hacked.

  • Can reverse osmosis systems filter out any poisons introduced into the water system? We use a reverse osmosis system for all of our drinking water and cooking water. Because of the chlorine and fluoride in the public water system (not to mention heavy metals and other nasty chemicals), using unfiltered water when making sourdough bread or fermenting foods will destroy the bacteria and yeast you depend on to make the foods.

  • Per Matt in Oklahoma:
    “Take nothing for granted and have backup plans”

    I completely agree. Twenty years ago my local town water began tasting like the algae bloom from the local lake water supply. Yuckkkk. So I began using a kitchen countertop water distiller and haven’t looked back. I only need it for drinking and cooking water — washing the vehicle or watering the yard, etc, doesn’t need cleaned water.

    I even added a backup method of distillation that can use multiple other sources of heat in case of a long term power outage. If there’s any hazard from VOCs (volatile organic compounds) in the water, just let that boil off first for a short time.

    BTW, if you learn to cook by either rising steam and/or double boiling over that rising steam, you don’t even need cleaned water for the bottom pot — although I’d do the boil-off first if VOCs were a risk and I was steaming some goodies directly over that rising steam.

    I learned years later that distilling also eliminates worries about other contaminants — whether known or unknown, whether regulated or not regulated, or whether announced or not announced (like the Flint Michigan disaster). That saves me from worrying about regularly testing the water and worrying about whether something bad sneaked into the water in between such testing.


  • My well is not tied to any municipal system and works on solar with a generator as a backup. My house doesn’t not have a smart meter nor internet linked appliances. I am off grid. We choose not to have wifi. That upsets the satellite companies since all their new equipment is with wifi and not hard wired like we are with our satellite dish.

    It is not just the utility companies that can be effected. My bother put in a thermostat given to him by his electrical company up in Denver. Now they turn on and off his utilities at their convenience if there is a heavy load with no consideration to the hot or cold weather outside. Remember the less ties you have to the system, then the less control they have over you. Do you want someone in a warm cushy office controlling your electricity with a smart meter? Not just for hackers. Many of today’s appliances send messages out as to how often you are using them. Wasn’t it California that said how often you could shower or wash clothes?

    • With you all the way, Mette, or at least as far as I can be! I refuse to have any kind of tattling appliance in my home. I picked the one modem left that was up to spec and didn’t have wifi. All my internet in my house is hardline, including all internal connections. I use a flip phone for my cell, and the darn thing is several years old and still humming along just fine. It’s also not grafted to me! I can’t control all of what the city does but I don’t have a smart meter either. I have a backup water supply. I also refuse to use Windows 10 on any of my home computers – way too much tattling to Microsoft with that browser.

      I know I can’t avoid all the issues or dangers – but I can at least try not to feed the beast too much, within the realm of possibility. I doubt if I’ll ever get into a completely off grid situation but plenty can still be done.

      Back to the original topic of the article though. It doesn’t surprise me one bit that a whacko would do something like that, and it just underscores the need for everyone to be responsible and prepare in case of emergency, setback, or disaster.

  • Okay its TeamViewer…not a true hack per se. They probably had the remote ID and the password; maybe “Social Engineering” vice a true “hack.”

    Old motto from my previous life, “Where convenience begins…security ends.”

    1. True security would “air gap” this system; no external access to this system at all; if that is required.
    2. User should not be able to load applications on this computer; especially a remote access software package. This should be enforced by the IT administration and is very simple to do. Includes blocking RDP (3389 – by default)
    3. The network security folks should block Team Viewer or any other remote access software (including native to Windows (if that was the OS)) at the firewall level as a minimum if this computer had Internet access through the network.
    4. If absolutely needed. Setup a VPN connection which there are multiple ways to lock down if external access is critical.
    5. There are a lot of other steps that could have been taken to prevent this….I just listed a few.

    In short this was an “IT Fail.” Easily avoided by simple practices that have been around for a long time!

    Unfortunately having worked in this arena I see this all the time which means there are probably a lot more systems just like this one that are vulnerable.

  • When I first became really aware of terrorism I noticed that here in my state local water supplies are unguarded. Any nut with any intention can drop anything into the water. We have the strongest filter you can buy. Even when there isn’t a problem, tap water smells like the local swimming pool. You have to be nuts nowadays to drink straight from any tap.

  • BTW….I use rainwater harvesting on a pretty large scale. As I am totally “off grid” (including no Internet) Hacking is not an issue for me (except when I have a cold). I still filter my water coming in from the tanks. My backups include a pond, Berkey Filter (did I spell that right?) with a set or three of backup filters, a pallet or two of bottled water and as a last resort “Life Straws.”

  • My first thought was, ” someone is making DeSantis pay for standing up for the way the state is handling all this new garbage thrown from the big guy. It could have been a horrible scenario for thousands of vulnerable people if other safety measures weren’t in place.”

  • Thank you for this excellent warning of the vulnerability of water systems to a range of attacks. I’m rural, have lived only with a hand pump on my well, down 100ft, for a couple of years. Recently installed a standard well pump for my new on-grid cabin. However, the hand pump is still there in the well. I can use either or both at the same time. Grid down? I can hand pump and carry into the house OR run the well pump through my generator panel in the house. In the spring, I will install eavestrough to collect rain water from the monoslope roof of my 18 by 24 foot cabin. My back ups to the back ups? Several life straw or similar products of varying sizes for a range of bug-in or bug-out scenarios. Plus I am five minutes or less walk from a sizable lake. Wishing everyone the best with their water preps!

  • You Need More Than Food to Survive

    In the event of a long-term disaster, there are non-food essentials that can be vital to your survival and well-being. Make certain you have these 50 non-food stockpile essentials. Sign up for your FREE report and get prepared.

    We respect your privacy.
    Malcare WordPress Security