Cyber attacks are a growing concern, that could potentially affect both commercial and governmental enterprises globally. Now government officials are cautioning water utilities to focus more attention on this rising threat.
With more and more water utilities trying to cut down on their operating expenses by opting for fully automated systems, the threat is likely to increase in the years to come, BNA Bloomberg reports.
The US Environmental Protection Agency (EPA) together with input from the Dept of Homeland Security (DHS) are busy developing training manuals to help smaller, rural water systems that lack the necessary resources to defend themselves against threat posed by cyber hackers.
According to Helen Jackson from the DHS's Office of Cybersecurity and Communications, these threats to water distribution networks can come in various guises. For example, one type of threat is ransomeware — where computer hackers hijack and take control of computer controlled equipment and demand payment of a ransom to give back control of the equipment. Insider threats — where a computer system is compromised by someone who has access to the utility — is another. According to Jackson, a 2015 survey conducted by computer giant IBM revealed that more than 50% of all cyber security incidents in the corporate world involved insider threats.
Once hackers gain access to a water utility's computer system, they have the ability to control factors such as chlorine flow rates as well as ratios of other chemical additives added to drinking water during the treatment process.
David Travers, director of water security at the EPA, feels that as water utilities become more automated they are becoming increasingly vulnerable to cyber threats and need to be more vigilant to protect themselves from potential hackers.
"As we rely on a fully automated system, I think there's a certain degree of expertise that's lost", said Travers. "Now you have operators who may not know how to run the system" in the event of an outage.
Travers urges water utilities to prepare for cyber threats by running hands-on tabletop simulation exercises that would increase the capacity of technicians to handle any such threat. Jackson echoes his sentiments, pointing to industry resources that can help utilities assess their cyber security risk.
Water distribution networks have faced cyber security attacks before. More than 10 years ago in 2006, a computer hacker gained access to the computer system at a water filtration plant located near Harrisburg, PA, and attempted to use the computers network to distribute pirated software and emails. Upon investigation the FBI found that the computer in question controlled a vital system of the water plant and had the attack caused it to malfunction, service to consumers would have been disrupted. Then 10 years later, in 2016, hackers gained access to a water treatment plant and were able to manipulate chlorine levels.
In this day and age, cyber security is a real threat, and needs to be taken seriously by water utilities. Should the security of your local water utility be breached, do you have a contingency plan to ensure you have access to safe drinking water?