On February 5, an unknown cyberattacker tried to poison the water supply of Oldsmar, Fla. City officials say the targeted water-treatment facility had a software remote-access system that let staff control the plant’s computers from a distance. The hacker entered the system and set it to massively increase sodium hydroxide levels in the water. This chemical (better known as lye) was originally set at 100 parts per million, an innocuous amount that helps control the water’s pH levels. The attacker tried to boost that to 11,100 ppm, high enough to damage skin and cause hair loss if the water contacts the body—or, if it is ingested, to cause potentially deadly gastrointestinal symptoms. Fortunately, a staff member noticed the attack as it was happening and restored the correct settings before anything changed.

How much of a broader threat might attacks like this pose to public facilities, and what can be done to protect them? Scientific American asked Ben Buchanan, a professor specializing in cybersecurity and statecraft at Georgetown University’s School of Foreign Service.

Read the full article at Scientific American.