City of Horseshoe Bay officials began examining its facilities’ security — both physical and cyber — in October, and a recent infiltration of a Florida water treatment plant affirmed to local leaders that they’re doing the right thing.
Earlier in February, someone hacked into the water treatment plant in Oldsmar in Pinellas County, Florida, and raised the sodium hydroxide level from 100 parts per million to 11,100 parts per million, making it dangerous to drink or use.
The onsite plant manager detected the increase, shut down the system, and contacted law enforcement.
“It’s a very serious event that happened in Florida,” Horseshoe Bay Utilities Director Jeff Koska told the City Council during its Feb. 23 meeting. “(The perpetrators) acted intentionally to hurt people.”
While sodium hydroxide, or lye, used at certain levels eliminates metals from drinking water and controls water acidity, the amount being injected into the Florida plant could have burned people who used or drank the water.
In October, Horseshoe Bay staff and a cybersecurity officer began examining every city building and its infrastructure to see how well they were protected from physical and cyber threats and to develop a plan to better secure those assets.
The city has been updating its computer hardware and software, Koska said, with new computers arriving any day and software that will be installed in June.
“When we get those, we’re going to make modifications on locks and gates and everything else,” the utilities director said. “We’re putting the firewalls and dual authorization with multiple passwords.”
The new system will require a two-step verification for employees to access the city’s computer network.
In addition to updating the computer system at City Hall, Koska noted passwords are changed every quarter. He also constantly receives email reports, he said.
If a hacker tries to email staff from the city’s computer network, workers immediately receive an email telling them to disregard or not open the suspicious message, Koska said.
“We have a firewall that keeps intruders from coming in,” he said.
While the intrusion into the Florida water plant affirmed the need for the Horseshoe Bay security audit, Koska said a similar attack at the city’s facility is unlikely. The Florida plant had an outdated computer system and what experts called a weak cybersecurity network, which made it vulnerable to hackers.
Koska noted Horseshoe Bay already has safeguards in place to protect the water system.
Raising lye levels and other unexpected changes set off a trigger at the plant, he said.
The Horseshoe Bay water department has eight operators who monitor the water plant through the computer system, he said, and those workers receive data if something isn’t correct.
“It has a monitoring system that sets alarms,” Koska said. “It sends a message out to our operators. The plant will automatically shut off if it gets to a danger zone or a level that’s unsafe.”
City officials added that the security study should wrap up in March.