An unknown hacker broke into a Florida city's water supply and briefly pushed levels of a potentially dangerous additive up 100-fold, local law enforcement said Monday.
The hack was noticed quickly and reversed immediately, so no one in the Tampa suburb of Oldsmar was ever in danger, Pinellas County Sheriff Bob Gualtieri said.
But it underscored the broader threat of cyberattacks to US infrastructure, he added.
A computer operator for the Oldsmar water treatment system noticed Friday afternoon someone remotely accessing the plant's controls, Gualtieri said.
The operator watched the mouse pointer move between various functions for several minutes before opening the controls for adding sodium hydroxide to the water.
The chemical, also known as lye and used in drain cleaners, is added in very small amounts to control acidity and remove metals from the water before it goes to consumers.
But the hacker raised the input level from 100 parts per million to 11,100 parts per million -- 100 times normal -- before exiting the system, Gualtieri said. "This is obviously a significant and potentially dangerous increase," he told a press conference.
"Luckily it was caught right away."
Gualtieri said water users were never threatened, because even if the hack had not been spotted immediately, it would have taken at least 24 hours for the water with high sodium hydroxide levels to reach consumers.
In the meantime, he added, safety mechanisms would have alerted officials to the change in water quality.
He said the FBI and US Secret Service were called in to help investigate, but so far there were no suspects.
Investigators did not know if the hack came from within or outside the United States, or why Oldsmar was targeted. "Water systems, like other public utility systems, are part of the nation's critical infrastructure, and can be vulnerable targets when someone desires to adversely affect public safety," Gualtieri said.