State and federal officials are warning all water utilities to upgrade their cybersecurity after hackers attempted to poison the water supply of a small Florida city, raising alarms about the vulnerability of the nation’s water systems.
The Wisconsin Department of Natural Resources cautioned Wisconsin’s 611 municipal water systems Wednesday to take steps to secure their computerized control systems, including installing firewalls and using strong passwords.
According to the DNR, on Feb. 5, unidentified hackers gained access to the control system at a water treatment plant in Oldsmar, Florida, and altered the supply of sodium hydroxide, or lye, a caustic chemical used in the water treatment process.
The hackers broke in twice on the same day, but in both cases workers at the treatment plant noticed the change and corrected the problem before the water was affected.
The DNR did not respond to questions about whether it is tracking utility responses to the recommended measures, which were outlined by the Environmental Protection Agency. Officials from the Madison and Sun Prairie water utilities, the largest in Dane County, could not be reached late Wednesday afternoon.
Suspicious incidents are rarely reported and usually are chalked up to mechanical or procedural errors, experts say. No federal reporting requirement exists, and state and local rules vary widely.