Connect with us

Hi, what are you looking for?

Tech & Science

US water providers are ‘especially vulnerable’ to a cyberattack

A defensive approach is no longer sufficient. Water facilities must implement a proactive cybersecurity defense to effectively mitigate cyber threats.

The resevoir of the Darbandikhan dam in northeastern Iraq is almost full, with heavy rains breaking four consecutive years of drought
The resevoir of the Darbandikhan dam in northeastern Iraq is almost full, with heavy rains breaking four consecutive years of drought - Copyright AFP Shwan MOHAMMED
The resevoir of the Darbandikhan dam in northeastern Iraq is almost full, with heavy rains breaking four consecutive years of drought - Copyright AFP Shwan MOHAMMED

There are persistent vulnerabilities plaguing water and wastewater systems across the U.S. Following the White House and EPA’s recent warning to U.S. governors about the susceptibility of U.S. water infrastructure to cyber threats, it is clearly time for utility providers to take note and to instigate appropriate action.

Looking into the matter for Digital Journal is Nick Tausek, Lead Security Automation Architect at Swimlane.

Tausek begins his analysis by assessing the nature of the risk and the potential damage that could be caused: “A primary focus of threat actors targeting U.S. water facilities is to disrupt critical infrastructure to weaken the United States security posture and impact human and environmental health.”

Furthermore, there is a wider societal effect: “These attacks erode trust in US institutions’ ability to protect their residents, undermining democratic participation. Threat actors seek to extract ransoms, customer information, and OT knowledge from the water facilities for monetary gain and other criminal purposes.”

One of the roots of the current level of risk relates a failure to build a robust cyber-defence. Tausek is critical in his analysis, noting: “The historically outdated security posture of water infrastructure and the long-term risk potential make these systems an especially attractive target for cybercriminals.”

Furthermore, the water sector has lagged behind other utilities: “Compared to power generation, for example, water infrastructure receives much less attention, but as we have seen with cities like Flint, disruption to the water supply’s safety, whether from malfeasance or cyber-attack, can have extremely long-lasting and dramatic repercussions.”

This also raises the likelihood bar, says Tausek: “It’s not hard to imagine a nation-state actor using this historically easy target to simultaneously degrade water safety in multiple areas of the country during a future conflict to erode trust in institutions, harm the populace, and stretch resources away to deal with the water crisis.”

There also needs to be greater proactivity. According to Tausek: “A defensive approach is no longer sufficient. Water facilities must implement a proactive cybersecurity defense to effectively mitigate cyber threats.”

As an example, he recommends: “The utilization of automated security practices allows organizations to standardize their threat detection and alert monitoring, significantly reducing incident response times. This visibility into the IT infrastructure facilitates a more threat-informed response with increased efficiency. In addition, they must request that those in control of budgets take the criticality of a safe water supply into account when allocating resources for cybersecurity initiatives.”

Tausek has one more point to make: “Facilities should be using the tools, techniques, and advice provided by CISA.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Education bosses in Los Angeles voted Tuesday to work towards a complete ban on the use of smartphones in the city's schools.

Business

Asian markets drifted Thursday as investors try to gauge the outlook for US interest rates.

Business

Whether it’s the timeless class of Harry Kane’s Bentley Continental or the sporty style of Kyle Walker’s Lamborghini Huracan.

Life

These data show an overall trend in fewer miles before a collision globally, suggesting the need for a renewed focus on safety.