Oldsmar, FL’s, water treatment facility was hacked via a remote access software package, with potentially devastating results (and which access has much broader implications for our nation).
One of them [software functions] regulates the level of sodium hydroxide, or lye—a main ingredient of drain cleaners that also is used to control water acidity and remove metals from drinking water, Sheriff Gualtieri said. The hacker increased the amount of lye from about 100 parts per million to 11,100 parts per million, he said.
That’s bad enough, but there’s this, that enabled the hack [emphasis added]:
The intruder got into the utility’s industrial control-system through TeamViewer, a tool that allows engineers to monitor and repair computers and network machines, Sheriff Gualtieri said in an interview. Though the utility had switched to a different tool six months ago, he said, the TeamViewer program remained in place but unused
Aside from the foolishness of allowing remote software access to any government facility, I have to ask: where was IT on this? Why was a disused and superseded remote access software package left in place for so long?