Lessons Learned from Oldsmar Water Plant Hack

Lessons Learned from Oldsmar Water Plant Hack

Cybersecurity experts have long warned of attacks on small municipal systems. Until hackers accessed the water treatment plant of a small Florida city this year, those warnings were “out of sight, out of mind.” Now, both local and national authorities’ perspectives on the dangers of cybersecurity attacks are changing.

The intrusion only lasted between three and five minutes, according to the Tampa Bay Times. In that time, the level of sodium hydroxide being fed to the city of Oldsmar, Florida—home to 15,000 people—was changed from 100 parts per million to 11,100 parts per million. It took five and a half hours for an employee to notice the change.

“This is dangerous stuff,” Pinellas County Sheriff Bob Gualtieri said at a news conference. Consumed in large quantities, sodium hydroxide can cause vomiting, chest and abdominal pain, skin burns, even hair loss, according to the Centers for Disease Control.

Florida Senator Marco Rubio addressed the attack on Twitter, calling it a “matter of national security.”

Why This Matters
This scenario is an example of how a critical infrastructure intrusion at any level puts residents’ lives at risk. Eric Chien, a security researcher at Symantec, described the Oldsmar city water plant as exactly the kind of utility security professionals need to worry about.

“This is a small municipality that is likely small-budgeted and under-resourced, which purposely set up remote access so employees and outside contractors can remote in,” Chien told The New York Times. He described it further as a ripe target.

Cybersecurity breaches can have catastrophic effects on any sized municipal entities, making protection against cyber threats, compliance, and responsible data management more important now than ever.

Critical Next Steps
Luckily, raised awareness around the importance of cybersecurity has also generated strategies for preventing these same kinds of events from being repeated. Today, security professionals can prepare their municipalities for all cyber threats by following these best practices:

Segment Operational Technology (OT) away from Information Technology (IT). While OT networks control elements in the physical world, IT systems manage crucial data networks. This means, separating the two means protecting OT devices from any possible digital breach.

Be aware of any remote access software (such as TeamViewer) in your environment. These programs may reduce the need for employees on site and streamline access, from anywhere in the world. Remote access software is also the most vulnerable to cybersecurity breaches.

Mitigate potential security breaches through apps, using strong passwords, two-factor authentication strategies, and by whitelisting (i.e., only allowing authorized sites access to your IT networks).

Make sure there is always a third-party continuously monitoring for any incidents. Just as important as cyber hardness is the ability to step in and mitigate the effects of breaches in real-time.

Conclusion
The event in Oldsmar, Florida, this year was an isolated event. Hackers remotely accessed a small town’s water treatment plant and tried to poison the water supply. Local authorities were able to intervene, before any serious damage was done. But this doesn’t mean similar entities in other cities are off the hook.

Cyberattacks have the potential to put thousands of lives in danger—make sure you are implementing smart, sustainable strategies to prevent this from happening to you.

About the Author

Jeremy Rasmussen is chief technology officer at Abacode.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.