Water utilities are finding that letting information flow can flush out cybersecurity problems.
The water industry has a security issue: Many utilities operate with ageing systems and minimal IT or cybersecurity personnel. But by coordinating responses to cyber-attacks, participants in a pilot program run by the Cyber Readiness Institute (CRI) and the Center on Cyber and Technology Innovation (CCTI) improved security.
One of the key findings of the two-year pilot involving 200 small and medium-sized utilities was that companies need to combine cybersecurity training with adequate support structures.
There have already been some reported attacks. In October 2024, American Water was hit by a cyber-attack that meant that the company could no longer bill customers and in 2024 a Texan water company suffered a cyber-attack, The US is not the only country to be so hit: Norway and Poland have reported similar attacks.
The pilot program, sponsored by Microsoft, identified four factors that would improve security. First, companies should be wary of free tools, which are often inadequate. Second, utilities should expand hands-on technical assistance to support implementation. The next issue that companies should address is the need to include cybersecurity training in operator licensing. Finally, companies should develop their links water sector associations to help improve cybersecurity operations.
The report of the program concludes that to avoid future cybersecurity incidents, utilities should shift from information distribution to capacity building, ensuring that a resilient infrastructure is in place.
No Responses