Our tech-savvy livelihoods put us at a daily risk of cybercrimes, as we spend the majority of our time interacting with devices that could give hackers access to our personal data. In fact, according to DataProt, nearly 60% of Americans say they have experienced cybercrime or somehow fell victim to a hacker. As every aspect of our lives becomes more connected, the opportunities for bad actors rise.
Additionally, 70% of small businesses are unprepared for a cyberattack, and almost 90% of professional hackers can penetrate a company within 12 hours. It is no surprise that the Federal Bureau of Investigations (FBI) has officially ranked cybercrime as one of its agency’s most important interests.
Inadequate Protection
Unfortunately, hackers lurk in places we might least suspect them, including water utilities. While water utility companies have begun to incorporate more and more computer technology into routine operations, these upgrades create more vulnerability points to cyber threats. As it stands, many utilities have inadequate cybersecurity measures and inadequate responses to cybersecurity incidents, coming with massive risks.
We’ve seen firsthand what those vulnerabilities can lead to, as just last year hackers were able to access a water plant in Florida via dormant remote access software. Officials say that, after gaining entry, the criminals tried to poison the water by raising the level of sodium hydroxide to 100 times the recommended amount. The chemical is used for many purposes, but specifically, in water, it controls acidity and removes metals. When used as intended – at low levels – sodium hydroxide poses no danger. However, at high levels, it can cause real damage. When ingested at levels greater than intended, the chemical can cause symptoms like corrosive injury to the lips and tongue, chest and stomach pain, severe burns and irritation of the upper respiratory tract that can cause difficulty breathing and coughing. There were no injuries during the incident, but this attack proves that our threats to our water utilities cannot be taken lightly.
Water Utility Vulnerabilities
The risk cybercrime poses to water utilities – and, in turn, citizens and their health – is vast. It has even been acknowledged that water security might be the most glaring vulnerability in our national infrastructure. As such a blatant target, even government officials have addressed the risks. After the attack on the Florida water plant, Sen. Marco Rubio took a firm stance in a statement when he said that water system security is an issue of national security, and it must be addressed. In late 2021, Congress passed the Bipartisan Infrastructure Law, consisting of $1.2 trillion, $55 billion of which will be provided to improve the country’s water supply. Furthermore, 30 international allies and partners have joined forces to detect and disrupt ransomware threats. The White House Administration has also brought together G7 countries – an informal group of the world’s seven most advanced economies – to hold accountable nations who harbor ransomware criminals and take steps with allies and partners to publicly attribute malicious activity. Still, with all this, the water infrastructure is currently not protected to the extent it needs.
Many of these treatment facilities face threats in a unique environment, with low budgets and few cybersecurity specialists who can consistently keep a handle on the increased risks. Along with the harm a hacker could bring to a population’s health, a cybersecurity threat can also come by way of installing malicious programs like ransomware that can bring an entire business down by disabling process control operations. It can also result in the theft of customers’ personal data, a compromised email system or defaced website, the overriding of alarms and disabling of pumps.
Locking Down Safety
Those running water utilities must always ensure they can confidently deliver safe and clean water to customers. With all the risks that come without substantial cybersecurity protection, there is a clear need for another layer: cybersecurity solutions that can offer the maximum level of protection.
Broadly, a solution like this can lock all cyber doors, monitor those locks and networks and provide compliance benchmarking with best practices or other mandated standards. Through a cloud-based managed security service designed specifically for utilities, there is continuous cyber threat vigilance and comprehensive remediation guidance – 24/7. In doing this, the technology locates, deciphers and provides alerts if any types of cybersecurity threats, malware or viruses are detected. Furthermore, at any time, managers can get thorough assessments of control systems, servers, smartphones and laptops, and other devices connected to a water utility’s network.
Keeping the Doors Locked
Cybersecurity is not only necessary but is now a dire mission-critical function for water utilities. Hackers are lurking behind corners everywhere, and if there are cybersecurity risks in any form, they will find even the most obscure vulnerability. To assure customers that their information and health are always safe, water utility managers must implement a solution that protects all of it, with a detailed view of all vulnerabilities within any applications and operating systems. It will safeguard the health of the citizens it serves and the reputation of the water utility company.
Robert Nawy is CEO of IPKeys Cyber Partners, provider of industry-leading, secure OT/IT intelligence platform that addresses the complex cybersecurity, data, and critical infrastructure protection challenges faced by operators of mission-critical networks for customers in the energy, government, public safety communications and industrial markets. The company’s suite of solutions encompasses cybersecurity, cyber compliance, and operational network monitoring for a range of dynamic OT/IT environments. The company is headquartered in New Jersey and has offices in California, Louisiana, and Texas.