How Cyber Security has Tightened in the Water Industry

Like other industries, the water industry continues to face challenges when it comes to cyber security. The human body is 60% water. Because water is a critical resource, the United States must protect its water systems from criminals who could target them to cause widespread harm. Water utilities face numerous challenges due to multiple sites, geography, technology issues, varying levels of budget and oversight, and how the water industry uses cyber security.

Why the Water Industry Needs Cyber Security

Cybercriminals have made several attempts to access water treatment facilities over the past few years, and they have used creative methods to cause chaos. In early 2021, a hacker gained access to a water treatment plant in Oldsmar, Florida, by using former employee credentials and attempted to poison the water by drastically increasing the amount of lye from 100 to 11,100 parts per million. Fortunately, someone thwarted the effort. However, this and similar situations have highlighted the vulnerabilities of the United States' wastewater and drinking water systems.

Fragmented System

The water supply network in the United States includes approximately 70,000 separate water and wastewater utility systems. Over 50 percent of the U.S. water systems are small, serving under 500 people. Additionally, municipally owned water systems make up 85-90 percent of the nation’s water systems. They generally have outdated information technology and insufficient budgets to update their cyber security systems. 

Multiple System Failures

The recent cyber security breaches indicate failures on numerous levels, including the following:

  1. Lack of security to prevent remote access to the IT system.
  2. Lack of separation between the water treatment plant operations control system and the IT system that hackers could access.
  3. Under-resourcing of technology and employee cyber skills.

Suggestions For Improvement

There are numerous challenges facing the nation’s water system regarding cyber threats. Water suppliers and people in the industry must take the necessary steps to improve their cyber postures, including water treatment insurance, to ensure protection in an emergency. Last year, the National Association of Water Companies established the following “cybersecurity pillars” for the water industry.

  1. Create uniform, universal standards for drinking water and wastewater utilities through state and federal initiatives.
  2. Reexamine the water sector’s cybersecurity oversight model and mandate foundational risk-based standards.
  3. Create a North American Water Reliability Council (NAWRC), modeled on the NERC model in the electric sector, to develop compliance standards and audit implementation.
  4. Create a regulatory office through the EPA to provide oversight.
  5. Utilize federal funding to support nationwide water utilities to provide physical, operational, and cybersecurity resources, information, and best practices.
  6. Require uniform and timely incident reporting.
  7. Require water utilities to register with CISA Hygiene Services.
  8. Support strategies that encourage collaboration between water, energy, and gas sectors.
  9. Encourage the formation of an assistance program to support restoration efforts following cyber incidents.

Water is a critical resource that suppliers and industry leaders must protect from criminals who seek to inflict damage and chaos through cyberattacks on this valuable sector. Likewise, a water treatment program can help industry leaders understand the risks they face. It also helps them understand how criminals attempt to bypass their safeguards and inflict damage upon them.

About Watercolor Management 

Watercolor Management has insured the water industry for over 30 years. Our policies include unlimited defense cost coverage in the event of a lawsuit against you. Call us at (855) 929-0824 or email info@watercolormanagement.com for a quick quote for your Water Business Professional, Products/Completed operations, Pollution and General Liability Insurance.