When it comes to cybersecurity issues, most people may turn their attention to the more exciting issues, like attacks on movie studios’ email servers or cryptocurrency hacks. But one area in which cybersecurity problems are posing a significant threat is water infrastructure. In fact, water utilities and wastewater companies have reported more instances of Cyberattacks in recent years as attacks on power grids, and services only continue to grow.
These threats include the exploitation of flaws in software programs that run water valves and controls, among other issues. The worst kind of these wastewater cybersecurity attacks can go undetected for long periods. Water utilities have become more reliant on the Internet of Things to operate its networks of pipes and pumps. These controls can help monitor conditions and lower labor costs as fewer workers are needed to keep things running smoothly.
But hackers are constantly looking for ways to test out the vulnerabilities of critical water infrastructure. And while so much attention has been paid to America’s power grid, wastewater infrastructure systems are exposed.
Foreign Threats?
Hackers and state-sponsored cyber terrorists can map the control systems for water and wastewater systems to understand where the control systems operate. This kind of mapping system could be prep work and research in anticipation of cyberattacks designed to disable and disrupt infrastructure that’s important to wastewater systems.
In fact, back in 2014, the Federal Bureau of Investigation (FBI) confirmed that operatives from Russia, Iran, and China were doing this kind of prep work, looking for cybersecurity vulnerabilities in the United States’ water and electric infrastructure. The problem here is that while it’s essential to discover and protect against these cyber threats, once uncovered, it usually means infiltration has already happened.
When it comes to solving the issue after it happens, wastewater infrastructure companies can pick up the financial pieces through cyber insurance, which directly protects their cyber systems and provides financial and legal help after an incident has occurred. While the goal should be to keep all occurrences at bay, not every attack can be prevented.
State regulators could help reduce risks by working together with federal regulators to push utilities to hone in on creating comprehensive cybersecurity strategies instead of just complying with regulatory requirements. Another way of mitigating risks around cyberattacks on water infrastructures includes the adoption of standards for the entire industry, more streamlined and protected sharing of information by utilities about vulnerabilities and best practices, and more robust requirements that water control systems have built-in security features.
About Watercolor Management
WaterColor Management has insured the water industry for over 30 years. Our policies include unlimited defense cost coverage in the event of a lawsuit against you. Call us at (256) 260-0412 or email info@watercolormanagement.com for a quick quote for your Water Business Professional, Products/Completed operations, Pollution and General Lia