Cyberattacks can spark cascading social crises that "engulf communities"
Strikes on critical infrastructure “pose serious risks to societal resilience”, causing impacts far beyond the initial technical damage.
Attacks on critical infrastructure have an impact that "spreads far beyond technical failures", potentially triggering major societal "crises".
That's the warning from academics who studied the after-effects of a 2021 cyberattack on a Florida water treatment plant.
A strike on the systems that power modern civilisation clearly has a physical impact, bringing down vital services and causing severe disruption.
But they also "pose serious risks to societal resilience", researchers from the University in Sharjah in the United Arab Emirates warned.
In a study published in the journal Engineering, Construction and Architectural Management, the team explored public responses to an incident in February 2021, when an intruder gained remote access to the control system of a water plant in Oldsmar, Florida.
The attacker tried to dramatically increase levels of sodium hydroxide (lye), a chemical used to treat water, from about 100 parts per million to more than 11,000 ppm.
In very small amounts, this chemical is safe. If the hacker had been successful, they could have caused severe harm to anyone who drank the water, including severe chemical burns, internal bleeding, and permanent damage to the digestive tract. In vulnerable people, including children and the elderly, the attack could have been fatal. FBI invest
The danger was avoided only because a plant operator noticed the change in real time and reversed it before contaminated water reached the public supply.
Poisoning the conversation
To understand the public response, researchers analysed social media reactions to the hack, collecting Twitter conversations from February 8 to February 15, 2021.
"These tweets provided a diverse range of public reactions, including expressions of disbelief, humor, fear, critiques of systemic vulnerabilities, and calls for accountability,” the authors explain. “This dataset, as naturally occurring data without the intervention of the researchers, offered valuable insights into how the public processes and responds to cybersecurity incidents in real time."
The authors framed their analysis using the Kübler-Ross model, a well-known psychological framework the psychiatrist Elisabeth Kübler-Ross introduced in 1969 to describe emotional responses to death and dying.
This five-stage model – denial, anger, bargaining, depression, and acceptance – has since been widely applied to explain how individuals respond to loss, crises, and major disruptions. The Simpsons famously parodied this framework in a clip you can watch below.
READ MORE: Iran's exiled crown prince calls on hackers to attack regime's "information infrastructure"
Social media conversations surrounding the attempted hack of Oldsmar’s water system, the study finds that public reactions “followed a structured emotional progression"
“Social media discourse revealed concerns over systemic vulnerabilities, accountability demands and calls for cybersecurity reform," the authors said.
"These insights emphasize the importance of transparent crisis communication, proactive risk management and public engagement in strengthening cybersecurity resilience.”
The "far-reaching impacts" of cyberattacks
Dr. Bharadwaj R. K. Mantha, an assistant professor at the University of Sharjah’s College of Engineering, said cyberattacks affect far more than infrastructure and digital systems.
"Public reactions follow recognizable patterns, from disbelief and humor to fear, anger, and eventual acceptance," he added.
Social media functions as a real-time "public sector" exposing underlying anxieties, mistrust, and expectations, Mantha warned.
"Ignoring public sentiment during cyber crises undermines trust and slows recovery," he advised. "Online discussions rapidly highlighted systemic weaknesses—such as outdated software—and sharply criticized perceived lapses in cybersecurity practices."
"Public perceptions are a key part of the landscape and must be addressed appropriately by the responsible authorities. There was sustained public demand for accountability, transparency, and reform. Importantly, the discourse often included technically informed suggestions—not just emotional reactions."
READ MORE: Russian hacktivists blitz UK critical infrastructure and local government targets
The authors argued that their findings carry "far-reaching implications", particularly for improving crisis communication strategies during cyber incidents.
Dr. Johan Ninan, the study’s lead author and an assistant professor at Delft University of Technology in the Netherlands, said: "Our study on the Florida water plant hack shows that in building cybersecurity for critical infrastructure, public trust and communication are as vital as firewalls and software."
The team said its research shows how social media can serve as a valuable feedback channel for strengthening cybersecurity planning and management, helping shift the field from purely technical defences toward more human-centred models.
Balaji Kesavan, a US-based independent researcher and co-author, added, "Our study paves the way for using large language models to analyze social media sentiment in near real time. This enables municipalities to better understand and proactively react to public reactions during critical infrastructure cyber incidents."
