Federal cybersecurity advisory offers new details on Oldsmar water supply cyberattack

OLDSMAR, Fla. (WFLA) – Two weeks have passed since the Pinellas County Sheriff said someone tried to poison the city of Oldsmar’s water supply through a computer system hack.

A federal cybersecurity advisory issued on Feb. 11 by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the U.S. Environmental Protection Agency and the Multi-State Information Sharing & Analysis Center offers new insight on the cyberattack.

In the summary of the “Compromise of U.S. Water Treatment Facility” from Feb. 5, the federal agencies said the attacker likely exploited cybersecurity weaknesses, including poor password security and an outdated operating system.

“Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system, although this cannot be confirmed at present date,” the report said.

The Pinellas County Sheriff’s Office, the FBI and U.S. Secret Service are still trying to figure out who is responsible for the cyberattack.

“We don’t know right now whether the breach originated from within the United States or outside the country,” Sheriff Bob Gualtieri said during his news conference on Feb. 8.

The attacker attempted to elevate the chemical lye to dangerous levels, the sheriff said, but an alert plant operator noticed suspicious activity on his computer screen and quickly reversed the levels to a safe amount.

“Luckily somebody stopped it beforehand, but what it did was open my eyes that there’s something going on in our state,” Florida Agriculture Commissioner Nikki Fried (D) said.

According to Fried, since 2013 Florida has faced the fourth most cyberattacks on local governments of any state.

Fried sent a letter to Gov. Ron DeSantis requesting a discussion on cybersecurity preparedness at the next cabinet meeting.

In light of the recent Oldsmar cyberattack, today I wrote to @GovRonDeSantis requesting that Florida's cybersecurity be discussed at our next Cabinet meeting.

I also wrote @FLCounties' @VoteMcKinlay and @FLCities' @OrlDistrict2 on preparing for cyberattacks on local government. pic.twitter.com/oxMg8fQxZO
— Commissioner Nikki Fried (@NikkiFriedFL) February 19, 2021

She shared with 8 On Your Side her message to local leaders in letters she sent to the Florida Association of Counties President and to the Florida League of Cities President.

“This is something that every city and county who has, not just only for their own cyber security but certainly when it comes to the water districts, is making sure that all systems are updated, that they’re not using old software, they’re constantly changing passwords,” Fried said.

Fried said there is an urgency to address cybersecurity in the Sunshine State.

“We might have some more cyberattacks in the future, which really could put people’s lives at risk if we don’t get this under control sooner than later,” she said.

Senator Marco Rubio (R) previously tweeted the breach of the Oldsmar water system should be treated as a “matter of national security.”

The chairman of the Senate Select Committee on Intelligence Mark Warner sent a letter to the FBI and EPA seeking answers about the investigation.

1580 - WPIX IDs