America’s drinking water infrastructure has a big problem right now: extremely loose cybersecurity policies and mandates. This isn’t a new thing. In December 2023, the Cybersecurity and Infrastructure Security Agency (CISA) announced that hackers had breached several US water facilities by exploiting systems with default set passwords. In another December 2023 attack, hacker groups breached the equipment of a Pittsburgh-area water utility that manages water pressure through other social engineering schemes. In 2021, a hacker took things to an even more malicious level in Tampa, Florida by exploiting weak cyber practices to increase the level of toxicity in the drinking water by a factor of 100. The common factor in all three instances: extremely loose cybersecurity policies and mandates. CISA’s response to the recent hacks was a bare minimum suggestion: “Use strong, unique passwords”. This is far from the only problem going on here.
I remember learning in my Computer Science 101 class that computer-generated random numbers are not actually random. Shocking, right? The system uses an algorithm, or set of instructions, to build a random number that can be reverse engineered. In the utility space, we utilize random number generation for several important purposes like secure password generation, encryption codes, security protocols, anomaly detection, and simulation. A classic example is password generation. A twelve-digit password takes 62 trillion times longer than a six-digit password to hack. That extra time is important in intercepting unauthorized users or programs – the longer they take to get in, the higher the chance of being found out and stopped.
But, what on Earth does this have to do with lava lamps?
Some businesses are taking the idea of password generation to a whole new level by leveraging lava lamps. Made popular in the 1960s, fitting perfectly with shag carpeting, conversation pits, and a big sound system playing Pink Floyd, lava lamps are a piece of moving sculpture that offers an endless array of shapes and patterns, making each viewing experience unique. The lamp’s fluid dynamics, where blobs of wax heat up, rise, and then cool down to fall back to the bottom, offer a hypnotic, calming effect that has captivated people for decades.
Now in the 21st century, the movement and patterns of the lava lamps are captured by cameras and turned into a stream of random numbers. These random numbers are then used to create encryption keys to secure systems. This randomness is important in encryption and security applications because predictability can lead to vulnerabilities.
It’s a fascinating approach to make encryption and cybersecurity more secure. But cybersecurity, especially for water facilities, is a multi-faceted beast and thinking the problem is as simple as “We need a better lock on this one thing” is far from the only action an organization needs to take. This is not groovy at all. An organization, especially utilities providing essential services like drinking water, needs to make their IT and OT systems painful to hack with as small an attack surface as possible. Systems need to be regularly updated, strong policies for authentication and access need to be addressed regularly, and of course, since threats and hacker attack tactics change daily, the IT department needs to be aware 24/7 of what new defenses they need in place as fast as possible.
Parsons is helping utilities around the country address the critical problem of how an IT team can leverage technology to secure their networks on all fronts. Our solution, Cyberzcape™, is a powerful and comprehensive tool that helps water utilities monitor, detect, and respond to cyber threats in real time. Cyberzcape™ integrates with existing IT and OT systems, providing a unified dashboard that displays the network status, alerts, and incidents. It also uses advanced analytics and machine learning to identify anomalies, vulnerabilities, and attack patterns, and provides actionable recommendations and automated responses. With Cyberzcape™, water utilities can secure their networks from end-to-end, ensuring the safety and reliability of their critical infrastructure beyond just “updating your password.”
If you want to learn more about how Cyberzcape™ can keep your network “Good Vibes Only” and help you protect your water systems from cyberattacks, contact us today and request a free demo. We are ready to assist you with our expertise and experience in cybersecurity and water management.
Stay safe, stay groovy.