The attacker knew exactly where to aim. He altered the NaOH dose rate by a factor of approximately 100, increasing the amount of chemical added to the water to dangerous levels. However, the water plant’s operational monitoring system immediately detected an excessive amount of the inorganic substance. Thanks to the operator’s quick intervention, the dosage was brought back to normal. However, if the water pH monitoring system had not reacted correctly, or had been attacked and rendered inoperable by the attacker, there could have been a serious impact on human health. Control systems in modern water treatment plants use instrumentation that continuously monitors water quality parameters such as pH or chlorine. They provide real-time alerts when acceptable limits are exceeded. Critical parameters are typically monitored at multiple points, not only during the treatment process, but also in the transmission and distribution systems. “In Slovakia, elevated levels of chemicals in the water are even detected by rainbow trout, which are extremely sensitive to it. It’s a kind of unhackable analogue fuse. However, despite the many security features, there is always a risk of critical industrial processes being disabled by a sophisticated attack,” explains security consultant Martin F\u00e1bry. <\/p>\n\n
The situation during a pandemic is even more complex. Companies have to maintain control systems remotely over the internet. However, such connections often have a low level of security. There are currently hundreds of thousands of control systems on the Internet that should not be visible because they are vulnerable and could be easy targets. Their visibility multiplies the likelihood of an attack. “This is the result of ignorance or indifference. Water companies are often financially malnourished and suffer from weak cyber defences. That’s why they are classified as one of the highest risk sectors for critical infrastructure,” says Fabry. According to him, IT teams in Slovakia are undersized and there are very few cyber experts who would be able to build a robust programme to protect critical infrastructure. He says similar attacks could hit other critical sectors such as refineries, petrochemicals and energy. Their impact on society could be perceptible, even dangerous. “Therefore, it is imperative to take cyber security with full seriousness and implement in-depth cyber defences. It is a matter of national security,” warns the critical infrastructure auditor. <\/p>\n","protected":false},"excerpt":{"rendered":"
An unknown hacker hacked into the control system of a water plant in Florida and changed the dosage rates of sodium hydroxide and altered the quality parameters of the drinking water. Does this sound like a promising start to an action movie to you? According to security consultant and critical infrastructure auditor Martin Fabry, this case from February 2021 could happen again in Slovakia. <\/p>\n","protected":false},"author":2,"featured_media":4374,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[52],"tags":[],"cislo-magazinu":[35],"class_list":["post-4856","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-through-the-eyes-of-experts","cislo-magazinu-35"],"yoast_head":"\n