Security News > 2021 > February > What’s most interesting about the Florida water system hack? That we heard about it at all.
Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week's news about a hacker who tried to poison a Florida town's water supply was understandably front-page material.
"A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they've disabled the remote-access system used in the attack."
The only federal law that applies to the cybersecurity of water treatment facilities in the United States is America's Water Infrastructure Act of 2018, which requires water systems serving more than 3,300 people "To develop or update risk assessments and emergency response plans."
"It's a difficult thing to get organizations to report cybersecurity incidents," said Michael Arceneaux, managing director of the Water ISAC, an industry group that tries to facilitate information sharing and the adoption of best practices among utilities in the water sector.
"Separate from the sort of folks who wander into a SCADA system by mistake on the water side are a bunch of ransomware attacks against the business side of the water systems," he said.
Hildick-Smith said while water systems are required to periodically report data about water quality to the U.S. Environmental Protection Agency, the agency has no real authority to enforce the cybersecurity assessments.