Connect with us

Hi, what are you looking for?

Tech & Science

Water supplies remain ‘too weak’ when it comes to cybersecurity

Addressing the OT/IT convergence in these utilities requires a robust, multi-faceted strategy.

The dazzling Thai islands made famous by Hollywood film "The Beach" are facing a severe water shortage following a heatwave across Asia
The dazzling Thai islands made famous by Hollywood film "The Beach" are facing a severe water shortage following a heatwave across Asia - Copyright AFP Mladen ANTONOV
The dazzling Thai islands made famous by Hollywood film "The Beach" are facing a severe water shortage following a heatwave across Asia - Copyright AFP Mladen ANTONOV

In the U.S., the government environment service – EPA – has put in place a recent Enforcement Alert on water system security, outlining the urgent cybersecurity threats and vulnerabilities to community drinking water systems.

Howard Goodman, Technical Director at Skybox Security, has told Digital Journal about the critical issues with the OT/IT cybersecurity gap.

 According to Goodman the operative word is ‘update’: “The EPA’s recent advisory on cybersecurity threats to water utilities highlights a pressing issue: the operational technology (OT) and information technology (IT) gap. This divide has not only exacerbated vulnerabilities but also expanded the attack surface, complicating the task of achieving comprehensive visibility and control.”

The extent of the problem appears to be considerable, Goodman notes: “Alarmingly, EPA inspections reveal that over 70 percent of water systems fail to meet the cybersecurity standards mandated by the Safe Drinking Water Act.”

The Safe Drinking Water Act (SDWA) is a U.S. law seeking to put in place a minimum standard for water quality. The Act was originally passed by Congress in 1974 to protect public health by regulating the nation’s public drinking water supply.

In terms of putting in place corrective measures, Goodman advises: “Addressing the OT/IT convergence in these utilities requires a robust, multi-faceted strategy. First, enhancing security posture management through the integration of advanced threat detection technologies is critical”.

There are other advantages: “These technologies can provide real-time monitoring and rapid response capabilities. Second, automating compliance processes ensures consistent adherence to regulatory standards, reducing the risk of human error and improving efficiency.”

In terms of additional measures, Goodman advises: “Furthermore, fostering a unified security framework necessitates comprehensive network modeling, which can offer a holistic view of both OT and IT environments. This approach helps in identifying and mitigating potential security gaps. Organizational silos must be dismantled to eliminate security blind spots; a collaborative culture is essential for effective cybersecurity.”

For longer-term solutions, Goodman puts forwards: “Finally, it is imperative to optimize remediation strategies beyond traditional patch management. Employing advanced techniques such as behavioral analytics and predictive maintenance can significantly reduce downtime and enhance system resilience.”

These should lead to robust preventative measures, says Goodman: “These measures are not merely precautionary; they are essential in bolstering the resilience of critical infrastructure against the evolving landscape of international cyber warfare. Proactive and integrated cybersecurity practices will be pivotal in safeguarding our water utilities and ensuring the continuity of essential services.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

Speaking at the Innovation Week YYC Launch Party, Naheed Nenshi shared his vision for how Alberta can harness its innovation potential.

Life

COVID-19 pandemic did not lead to an excess in suicide mortality in 2020, that does not mean that the pandemic wasn't related, in some...

Tech & Science

Video game "Astro Bot" -- a family-friendly sci-fi adventure -- was named 2024's Game of the Year on Thursday - Copyright AFP Philip FONGVideo...