How Florida Town’s Cyber Security Near ‘Nightmare Scenario’ Can Inspire Positive Change

We usually measure cyberattacks in terms of records accessed or data lost, but the consequences could have been far more severe for one Florida town after hackers targeted its water treatment facility. Fortunately, the town avoided a “nightmare scenario.” Still, as one local official put it, the incident served as a reminder of the realities of today’s cyber security landscape and the need for everyone to be vigilant and “on notice.” 

The attack occurred in Oldsmar, FL, a small city of around 15,000 in the Tampa Bay area. It began first thing on a Friday morning when a water treatment plant employee who was working remotely noticed someone briefly access the plant’s computer system. Initially, the employee wrote this off as no big deal. After all, it was commonplace for a supervisor to access the system remotely as well. What took place that afternoon, however, was far more alarming.

At around 1:30, the same employee watched as someone once again accessed the system. Only that time, the person took control of the cursor and began moving it around the screen. After a little digging, the unknown party found the controls regulating the flow of sodium hydroxide into the city’s water. The city uses the solution, more commonly known as lye, in small doses to regulate the acidity of its water. The substance is also present in household cleaning chemicals and can cause skin irritation and burns and can be lethal if ingested. The employee watched as the person on the other side of their machine increased the amount of sodium hydroxide in the city’s water from 100 parts per million to 11,100 parts per million. Recognizing something was wrong, the employee reset the concentration level once the attacker left the system. 

Local officials were adamant that Oldsmar residents were never in any real danger. Apparently, it would have taken more than a day for the contaminated water to enter the water supply. They stressed that built-in safeguards and redundancies would have caught the change and sounded the alarms before anyone landed in harm’s way. Despite that, concerns remain given the potential severity of the consequences should those safeguards have failed. Florida Senator Marco Rubio has vowed to contact the FBI and wants the incident to be treated “as a matter of national security.”

In response to the breach, the city has disabled the remote-access system leveraged by the attacker.

Cyber security-boosting takeaways for any organization

Post-incident investigations have turned up evidence that the plant’s cyber security hygiene may not have been the greatest. Oldsmar’s computers apparently all shared the same password for remote access. They also lacked firewall protection. Additionally, computers with access to the plant’s control systems ran the no-longer-supported Windows 7 operating system.

So what can we take away from this near-miss, aside from the basics of adding firewalls, implementing strong passwords and upgrading away from unsupported technology wherever possible? For starters, while the employee deserves credit for catching and correcting the attacker’s changes, you can’t help but feel like there was an opportunity to nip this whole thing in the bud even earlier. A quick message to the supervisor could have confirmed that wasn’t who accessed the system earlier in the day, putting everyone on high alert and hopefully locking out the malicious actor.

Additionally, this incident further exposes the fallacy of trying to stay under hackers’ radar. Far from a bustling metropolis, Oldsmar still managed to draw the eye of attackers. Why? Larger cities and, for that matter, larger organizations have larger security budgets. Whether motivated by financial gain or, as seems to be the case here, malice, hackers only want to do so much work. Softer targets allow them to accomplish their nefarious goals without coming up against as much resistance.

Finally, this incident also highlights the ongoing need to further harden the network edge. In a recent blog post, we discussed the increasing threat facing organizations as workforces have grown more and more dispersed due to the ongoing coronavirus pandemic. We also highlighted the Secure Access Service Edge (SASE) framework as a way to remediate the risk posed by these necessary distributed work arrangements. At a high level, SASE combines secure web gateways, cloud access security brokers, firewall as a service and zero trust network access to deliver the following outcomes:

  • reduced security cost and complexity
  • modernized collaboration
  • enhanced security and performance
  • streamlined network and security management  

Next Steps: Improving your security at the edge and back

If you’d like to further the conversation around SASE, network edge security or, more broadly, the realities of securing access, data and users in today’s environment, Arraya Solutions can help. Our team has the security and network experience needed to help connect you to the right solutions based on your unique use case. Reach out to us today to start a dialogue!   

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now. 
