Starting around 2012, Russian hackers began investigating American energy companies and electrical utilities. Three years later, in 2015, they used similar access to Ukrainian utility companies to cut off electricity for several hours in western Ukraine, and again, one year later, to Kiev, the Ukrainian capital.
In 2017, Ross Hackers It got far enough away at an American power plant To manipulate its controls, and stop sabotaging a bit. In the same year, hackers in Russia has been caught dismantling safety locks In a Saudi petrochemical facility that prevents catastrophic explosions.
In recent years, the United States Its cyber attacks escalated Against Russia, with a series of strikes on the Russian electricity grid, as cybersecurity experts likened it to the digital equivalent of mutual assured destruction.
Other countries have examined the American systems, too. In 2013, Iranian hackers were arrested Manipulating a small dam in New York. Officials initially feared that the Iranian infiltrators were inside the Arthur R. But investigators determined that the intruders were inside the much smaller Bowman Avenue Dam blocking a stream in New York, 30 miles north of Manhattan.
Cybersecurity experts say they are very much afraid of attacks on these smaller municipal systems, such as the Bowman Avenue Dam and the Oldsmar water treatment facility. While large utility companies usually have complex safeguards, smaller water supply companies, electrical power suppliers, and manufacturers do not often.
“These are the goals we are concerned about,” said Eric Sheen, a security researcher at Symantec. “This is a small municipality that is likely to be on a small budget and lacks resources, which has intentionally set up remote access so that employees and outside contractors can access it.”
Mr. Shin said this makes them a mature target.
Braithwaite, the city manager, said Oldsmar had disabled remote access. He said, “We expected this day to come.” “We talk about it, we think about it, we study it.”