Switzerland targeted by attacks – drinking water suppliers invest in security

Hackers poison drinking water plant in Florida

With just a couple of mouse clicks, hackers in Florida altered the blend of drinking water additives, increasing the quantity of one chemical a hundredfold. In Switzerland, too, hackers have already tried to break into drinking water plants.

The region around Tampa, Florida, has narrowly escaped a catastrophe. Unidentified hackers managed to log into the system of a drinking water treatment plant and increase the proportion of sodium hydroxide in the water by more than a hundredfold. Fortunately, an employee at the plant spotted the attack in time.

The attack took place in Oldsmar, a town near Tampa that is home to around 15,000 inhabitants. As Sheriff Bob Gualtieri reports, the hackers had increased the content of the chemical from 100 to 11,000 parts per million. "This is a significant and potentially dangerous increase," says Gualtieri. This is because, in large quantities, the substance can cause chemical burns.

The hackers first invaded the system at around eight o'clock last Friday, perhaps to scout out the situation, before leaving again. The actual attack occurred at around 13:30 and lasted a mere three to five minutes. An employee watched his screen as his cursor suddenly began to move of its own accord and, as if controlled by a ghost, started opening multiple water treatment programs.

The employee immediately lowered the proportion of this chemical again, preventing a catastrophe.

The questions of who the hackers behind this attack are, and where they come from, remain unanswered.

Sodium hydroxide is used in water treatment plants to control the acidity of the water and to remove metals from the drinking water. Even if the change had not been noticed immediately, it would have taken between 24 and 36 hours for the treated water to reach the supply network. The case is now also being investigated by the FBI.

Hackers attack in Ebikon, Lucerne

Switzerland has also been the target of hackers attempting to attack drinking water supplies, as Christos Bräunle, Head of Communication at the Swiss Technical and Scientific Association for Gas and Water (SVGW), told BLICK. A well-known case occurred in Ebikon, Lucerne, in 2018, when thousands of malicious requests were sent from London and Korea. In this case, however, the IT system was able to fend off the attacks.

In Switzerland, physical attacks on drinking water pose almost no threat. Bräunle is aware of a single such incident, when a farmer from the Ravensburg region allegedly attempted to threaten the water supply and demand money. Bräunle recalls, "Two open canisters of atrazine, each containing five litres of the herbicide, were found 60 metres below the surface of Lake Constance. Fortunately, the water in the lake diluted the atrazine significantly, meaning that the attack had no effect on the quality of the drinking water."

New security standards

In light of increasing digitalisation, the SVGW collaborated with the Swiss Federal Office for National Economic Supply at the end of 2020 to establish a minimum standard for security in the water supply industry. The document enables water suppliers of all sizes to independently assess cyber risks using a uniform industry standard, and to adapt their security level according to their resources, risk assessment and supply relevancy.

The publishers believe that "a large-scale failure of the water supply caused by cyber attacks would have devastating consequences for the affected segments of the population and for the economy."

The USA has seen a rise in hacker attacks over the past few years, primarily on small companies. It seems that cyber criminals are familiarising themselves with how these systems operate, potentially with the aim of attacking a larger system at a later date, manipulating it, or holding it hostage and demanding a ransom payment.

