Cybercrime just might be one of the more dangerous risks we face, with hackers lurking around the corner in so many aspects of our daily lives.
Cyberattacks are only becoming more and more common in our country. In fact, the Federal Bureau of Investigation (FBI) ranks cybercrime as one of the most important law enforcement activities.
We have experienced a long history of cyberattacks in industries ranging from large pipelines to public safety organizations, and critical infrastructures like water treatment and supply systems are now coming under frequent attack. These plants are prime targets for cyberattacks because many of them serve communities with fewer than 50,000 residents, which often forces budget-challenged municipalities to make tough decisions regarding what gets cybersecurity funding at a local level. These under-investments can potentially lead to disaster.
Oldsmar Attack
Just last year in Oldsmar, Florida, a hacker took control of a computer at a water treatment plant and altered the level of sodium hydroxide in the water supply to 100 times higher than what’s normal.
Sodium hydroxide is the main ingredient in liquid drain cleaners and is used to control water acidity and remove metals from drinking water. However, at high levels, it can severely damage any human tissue it touches, as well as cause vomiting, severe pain and bleeding. Fortunately, residents in the area were unhurt in this instance, but this incident showed the severe danger to the public when hackers target our water supply.
Just this summer, the Center on Cyber Technology Innovation and the Cyberspace Solarium Commission released a statement warning that water utilities might face the greatest vulnerability pillar of the national infrastructure. Many of these at-risk small towns have water treatment facilities that operate in a unique threat environment, often with inadequate budgets and highly limited cybersecurity personnel to respond to the growing threats. Sen. Marco Rubio (R-FL), ranking member of the Senate Select Committee on Intelligence, said at the time of the Florida breach the water-system security is “a matter of national security.” The bottom line is the water infrastructure in our country is under-protected and extremely susceptible to cyberattacks.
Unfortunately, not long after the Florida water treatment facility attack, attention to the danger faded amid other major news. And in a $1.2 billion infrastructure bill that passed Congress, there was more attention paid to energy and the transportation sector cybersecurity than water protection. Furthermore, even as the Environmental Protection Agency (EPA) has been tasked with the job of providing support and technical assistance to safeguarding our country’s water and wastewater sector against cyberattacks, the agency still lacks the resources organized to fulfill this critical mission.
Proper Protection
With the health of Americans at risk, it’s an understatement to say we must ensure water storage and treatment plants have the highest level of protection. True security begins with implementation of a comprehensive platform that deals specifically with cybersecurity risks to water plants. What is needed is a solution that locks all potential doors cyberattackers can enter and provides 24/7 monitoring of network traffic, can detect, analyze and provide an alert when a cybersecurity, malware, or virus threat occurs.
That kind of solution would provide decisionmakers visibility into the cyber-risks and presents the steps to remove or reduce those risks. By enacting this type of holistic approach, cybersecurity experts review frequent reports and are available to answer any questions regarding additional concerns.
Furthermore, water plant managers can be provided with an on-demand assessment of endpoints that are connected to the organization’s network, including servers, industrial control systems, desktops and laptops, smartphones and more. This gives everyone an up-to-date view of vulnerabilities in operating systems and applications, with daily reports into cyberthreats. Then, there are recommendations and prioritization of the risks that must be addressed, and specific guidance on remediation.
Ensuring Safe Water
As it stands, lackluster system access procedures can put a water processing or treatment plant at a heightened threat for security vulnerabilities. In turn, that can leave countless communities at serious risk.
With the growing sophistication of cyberthreats that can find even the smallest vulnerability, an entire network can be compromised in moments.
With a platform designed specifically to mitigate these risks, an organization can ensure they are protecting their systems, data and, in turn, the people who depend on them every day for the most basic need – water.
Robert Nawy is chief executive of IPKeys Cyber Partners, an OT/IT cybersecurity provider for operators of mission-critical networks in the energy, government, public safety communications and industrial markets.