Water systems are a critical infrastructure that requires protection against cyber threats. Unfortunately, security breaches in drinking water and wastewater plants have become increasingly common. Hackers have successfully accessed drinking water systems in several states in the US. Recent reported attacks include an attack on a water treatment plant in January 2021 that served parts of the San Francisco Bay area, and an attack in February 2021 on a Florida water plant that attempted to increase the level of sodium hydroxide in the water supply to dangerous levels.
These alarming incidents have raised concerns and emphasized the need for increased security measures and life-protecting initiatives related to water and wastewater facilities. Let’s take an in-depth look at various methods available to secure water systems, with a particular focus on safeguarding the industrial control systems that manage them.
Water utilities and wastewater facilities are progressively adopting digital technology to improve their operations and services. A smart water utility is a system that integrates digital sensors, data analytics, and automation to enhance water resource management, treatment processes, and distribution networks. However, becoming a smart water utility requires more than just smart sensors or remote monitoring.
Due to the escalating cybersecurity incidents with public utilities and growing global political instability, the need for safety and security measures in the water and wastewater sector has become more critical. Furthermore, water and wastewater management organizations are facing significant challenges such as workforce limitations, regulatory oversight, funding and aging infrastructure.
To address these threats, organizations must adopt a comprehensive approach to cybersecurity. One effective approach is to adopt the National Institute of Standards and Technology (NIST) cybersecurity framework, which includes five core security steps: identify, protect, detect, respond, and recover. This methodology enables organizations to identify crucial assets and systems, implement access controls, firewalls, and encryption, monitor potential threats, and develop response and recovery plans in the event of a cyber incident.
At Velta Technology, we understand the importance of protecting critical infrastructure in the water and wastewater sectors. Here are five recommendations to help protect your organization's operations:
1. Protecting water and wastewater operations from cyber threats requires a multi-layered approach that includes both IT and OT environments. It's important to implement comprehensive security technologies that cover everything from water quality and flood monitoring to IoT devices and systems. Consider adopting a zero-trust architecture, which ensures that only authorized users and devices can access your network. Additionally, regularly reviewing and updating your security policies, configurations, and deployments can help identify and address potential vulnerabilities.
2. Digital transformation has enabled water utilities to improve efficiency and gain better visibility into critical facilities through remote operations. However, it's important to ensure your remote systems are secure and monitored for potential threats. For facilities without readily available personnel, edge computing solutions can provide self-monitoring systems that enable on-site maintenance teams to maintain equipment without requiring intervention. Regularly testing your systems for vulnerabilities through tabletop exercises and taking ownership of your ICS equipment security can help minimize the risk of cyberattacks.
3. To protect against cyber threats, it's essential to have a well-defined border protection between your OT, enterprise network, and cloud to minimize exposure and the risk of unscheduled downtime. Upgrading outdated hardware components and old software with known vulnerabilities in many water utility networks can also reduce the risk of cybersecurity incidents. Regular vulnerability and penetration testing can help identify and address any security gaps in your systems.
4. No organization is immune to cyberattacks, so it's critical to have a backup and recovery plan in place to minimize the impacts of an attack. Your plan should ensure that your systems can be restored in case of cyberattacks, human error, or physical failure. Consider partnering with an external partner who specializes in cyber safety, to augment your internal resources and provide expertise to tackle cybersecurity challenges.
5. To protect water networks, a holistic security and digital safety approach is necessary. A zero-trust architecture includes macro and micro segmentation built into the industrial network, sharing context from the industrial network with the enterprise security operations center, detecting, investigating, and remediating security threats, and reducing investigation time with common aggregated threat intelligence. Although no single solution can fully secure water or wastewater treatment facilities and networks, taking these fundamental steps can go a long way in protecting your organization.
Safeguarding water and wastewater treatment plants against digital threats is a pressing issue in today's technological landscape. However, with the unique solutions and expertise that we provide, you can rest assured that your organization is secure and protected with Velta Technology. We offer a wide range of services to support you in proactively addressing potential digital incidents, threats, and compromises that could negatively impact production, operations, the environment, and even human lives.
Velta Technology's mission is to provide tools and methods for safe, secure, and efficient production in a digital world. With over 100 years of combined OT/IT industrial, enterprise, and C-suite experience, we are laser-focused on the critical infrastructure and industrial manufacturing space. We are platform agnostic and have strong relationships with world-class partners across technologies and environments, with proprietary Velta Technology Standards, Platforms, and Methodologies.
To protect your water and wastewater treatment plant from digital threats, Velta Technology is your one-stop solution. Take steps now to Get Safer Sooner!