Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

The would-be mass poisoning that a small town in Florida dodged last week is a chilling reminder that cybersecurity — often conceived in the popular imagination as purely an abstract province of ones and zeroes — can be a matter of life or death.

Why it matters: The fact that attackers were (if only briefly) able to access the control system for a municipal water supply should be a wake-up call for U.S. officials regarding the digital insecurity of many key pieces of infrastructure.

Driving the news: Hackers used TeamViewer, a remote-access software program, to tamper with a water-treatment facility in Oldsmar, Florida, a town of roughly 15,000 people outside Tampa, officials said Monday.

  • They briefly gained access to system controls for the plant and tried to massively raise the levels of lye in the water supply from 100 parts per million to more than 11,000. (Lye, commonly used to treat drinking water, is nontoxic when diluted but poisonous at higher concentrations.)
  • Plant operators quickly discovered the tampering attempt, prevented the alteration of lye levels, and shut out the hackers from their systems.

What they’re saying: “At no time was there a significant adverse effect on the water being treated,” said Bob Gualtieri, Pinellas County sheriff. “Importantly, the public was never in danger.”

Yes, but: The incident still underscores the potential for enormous damage that lies dormant within many pieces of internet-connected infrastructure in the country.

  • It's a real concern, particularly as more critical infrastructure comes online and more international crime and nation-state conflict moves into the cyber realm.

In this case, while the FBI and Secret Service are investigating the breach, we don't know if the incident was an attempted terrorist attack, unsophisticated but malicious nation-state activity, or “merely” the work of a deranged individual.

  • There is a chasm between a serious operation to poison an entire town’s water supply as an act of either state-sponsored sabotage or non-state terrorism and a half-baked, foolish — if malign and potentially deadly — gambit by some group of individuals who may not have even fully conceived of the seriousness of their actions.
  • The continuum is broad, and we don’t know precisely where this event fits yet.

Of note: The “noisy” and haphazard nature of the hackers' work and the ease with which they got in — a worrying data point on its own — seem to point to something less than a well-thought-out operation conducted by a determined, top-tier nation-state adversary, say experts.

  • While incidents like Oldsmar “are concerning given adversary brazenness ... they also are incredibly unsophisticated in nature — representing a burglar opening an unlocked door more than a thief penetrating a well-resourced security system,” writes Joe Slowik, a senior threat researcher at DomainTools.
  • Slowik suggested the incident may more than anything else echo a series of seemingly simplistic breaches by hackers of water infrastructure in Israel last year, “where insecure systems were remotely accessible and entities simply took advantage of circumstances.”

The catch: Crude as the operation may have been, the hackers appeared to be trying to sicken or even kill Oldsmar residents — a rare instance of a known cyberattack targeting an industrial control system within the U.S. where the aim of the operation seemed to be lethal in intent.

Go deeper

Biden explains justification for Syria strike in letter to Congress

Photo: Chris Kleponis/CNP/Bloomberg via Getty Images

President Biden told congressional leadership in a letter Saturday that this week's airstrike against facilities in Syria linked to Iranian-backed militia groups was consistent with the U.S. right to self-defense.

Why it matters: Some Democrats, including Sens. Tim Kaine (D-Va.) and Chris Murphy (D-Conn.) and Rep. Ro Khanna (D-Calif.), have criticized the Biden administration for the strike and demanded a briefing.

4 hours ago - Health

FDA authorizes Johnson & Johnson's one-shot COVID-19 vaccine for emergency use

Photo: Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images

The Food and Drug Administration on Saturday issued an emergency use authorization for Johnson & Johnson's one-shot coronavirus vaccine.

Why it matters: The authorization of a third coronavirus vaccine in the U.S. will help speed up the vaccine rollout across the country, especially since the J&J shot only requires one dose as opposed to Moderna and Pfizer-BioNTech's two-shot vaccines.

Updated 5 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Annelise Capossela/Axios