Last week, a hacker took control of an employee’s computer at a small water-treatment plant in Florida. Within a few hours, the level of sodium hydroxide, the chemical compound known as lye that’s added to dissolve heavy metals, had increased to 100 times the usual amount. Noticing that the software had changed the levels, the employee was able to stop the attack before tainted water flowed throughout Oldsmar, a town of 15,000 near Tampa.
Attacks on water systems are certainly not new — in 1924, California farmers blew up part of the aqueduct that was siphoning a local lake 200 miles south to the growing metropolis of Los Angeles — but as more infrastructural operations are carried out using remote and automated systems, there’s growing concern that the security of such systems, particularly smaller water systems with fewer resources, could be breached. Although it sounds like an alarming scenario, Peter Gleick, a scientist who studies water security at the Pacific Institute, says it’s unlikely any contaminant could be introduced at the speed and volume to do harm. “Water quality is tested many times per day and problems are found quickly,” he tells Curbed. “It’s almost impossible to poison a water supply this way.”
New York City’s water, on the other hand, does not come from a treatment plant, and carries different risks: It’s not contamination that’s the worry, but the disruption of distribution, which would stop the city cold in a matter of hours. (No water means no toilets and no cooking. End of story.) The country’s largest unfiltered water supply traverses a vast network of tunnels and aqueducts spanning 2,000 square miles across three watersheds as it makes its gravity-powered journey to New Yorkers’ taps. The threat is much greater for attacks that might target its storage and transportation infrastructure. Upgrades like higher fencing and increased patrols, as well as beefing up cybersecurity, were of the utmost priority for New York City after September 11 escalated concerns that dams and reservoirs would be the targets of terrorism. Even so, there was a 2016 incident in which Iranian hackers briefly took control of a very small dam in Westchester County.
Where the Oldsmar attack succeeded was at eroding public trust in its utilities. That, says Gleick, is itself damaging. “What happened in Florida is highlighting that we’re not taking the security of our utilities as seriously as we should.” (In a very different way, that’s true in Flint, Michigan, where water was contaminated not by hackers but by the negligence of elected officials.) Gleick doesn’t want to minimize the threat of a cyberattack, but he says he’s far more concerned about the broader vulnerability of U.S. water systems, including the looming threats of deferred repairs, watershed pollution, and climate change. “The lesson here, in part, is that we’re not managing our water resources systems adequately for any of the threats they face,” he says. Maintenance, however, is one area that he says New York City is taking seriously. A third water tunnel completed in 2013 has allowed critical repairs to be made on the city’s two older tunnels from 1917 and 1935. Crews recently dug a major bypass tunnel under the city to repair a leaky aqueduct. And at the end of 2020, the 105-year-old Catskill Reservoir was shut down for a massive rehabilitation project which has temporarily taken the source of nearly half the city’s drinking water offline. That may sound foreboding, but New York’s system is flexible enough to toggle between multiple backup reservoirs, including, if demand dictates, drawing from the Delaware watershed in the morning and the Croton watershed at night. You might be able to taste the difference, but it’s harmless. If anything, it’s an opportunity to raise a glass to the power of preparedness, and to a great natural resource.