It’s fair to suggest that something as critical as drinking water should be properly protected. If the American government will keep the nuclear arsenal disconnected from the internet and rely on floppy disks for added protection, then surely drinking water gets a similar treatment?
Unfortunately, two instances of someone remotely accessing a municipal water supply show this isn’t the case.
There was the case of the water treatment facility in Florida where a hacker changed the chemical levels. Something similar to that happened in Ellsworth County in Kansas in 2019. 22-year-old Wyatt Travnichek now stands accused of shutting down the water purification system with the “intention of harming it,” according to the Department of Justice.
The incredible thing about these stories is that the water supply was left open to tampering. The municipalities installed remote access software to allow employees to access and monitor the systems. Travnichek was one such employee. He isn’t even accused of “hacking” into the system as he used his own credentials to log in remotely months after leaving his job. His access was never taken away. Once in the system, Travnichek started shutting things down and now faces up to 20 years in prison for it.
This incident is similar to what happened in Florida. The water treatment plant didn’t bother changing the password or removing the old remote control software after installing a newer version. Perhaps it’s time we stopped doing things like that and started better protecting the national water supply.
For what it’s worth, Cyberscoop spoke to a customer service representative with the Kansas water utility who claimed the hack didn’t affect residents’ drinking water.