Now Is the Time to Invest in the Security of Our Public Water Infrastructure

April 2021

In late March, President Biden announced a massive infrastructure spending proposal with broad impacts on a variety of infrastructure types across the country. Included in the proposal was at least $111 billion in spending on water infrastructure improvements, much of it focused on eliminating pollutants and ensuring that the water that reaches individuals’ homes is safe to drink. However, this initial proposal did not include dedicated funding to secure the nation’s water supply from emerging cyber threats or to strengthen the cybersecurity requirements for water treatment facilities, which are desperately needed to protect our water supply from potential cyber threats.

In just the past few months, authorities have uncovered attempts by bad actors to tamper with public water supplies in Oldsmar, Florida, and in Ellsworth County, Kansas. In both instances, attackers illegally leveraged remote access capabilities in an attempt to alter the balance of chemicals used to treat public drinking water – changes that could poison or kill thousands of people.

In the Oldsmar case, an unknown intruder attempted to poison the public water supply by drastically increasing the amount of sodium hydroxide used in the water treatment process. The chemical, commonly known as lye, is used in small doses to safely treat drinking water but is deadly in larger concentrations. The attempt to poison Oldsmar’s drinking water was thwarted by timely intervention of an observant operator, who quickly corrected the chemical balance and alerted supervisors, while automated systems would have prevented the release of the poisoned water.