With the focus turning to securing critical infrastructure and a backdrop of an increased number of cyberattacks, a survey of the cybersecurity in the water and waste management sector shows a number of facilities with incomplete cybersecurity programs, the Water Information Sharing and Analysis Center (ISAC) found in an April 2021 study.

The Water ISAC received 606 responses from water and waste management utilities, with 60 percent of respondents having taken cybersecurity into account in their overall risk assessments. However, just 38 percent of utilities have identified all of their IT-networked assets.

“With threats from increasingly sophisticated and destructive attackers, cybersecurity has become a top priority for water and wastewater systems. Recent incidents have added urgency to discussions within the sector and with Congress and in federal agencies on how best to help utilities improve their cybersecurity,” the Water ISAC’s Sector Coordinating Council wrote in a memo.

These observations dovetail with concerns expressed by members of the National Cyberspace Solarium Commission. The members pointed to a February hack of a treatment facility in Oldsmar, Florida as evidence of a lack of resiliency in the sector, and NBC News recently reported that another hacker was able to breach a water facility in the San Francisco Bay Area in January. The latter went unreported publicly until June 17 and involved a malicious hacker who deleted water treatment programs.

When looking at what their organizations need the most Federal help in securing their utilities, four main actions emerge. The sector says it needs the most support with sector-specific training and education; technical assistance, assessment, and tools; cybersecurity threat information; and Federal loans and grants.

“Additional resources are clearly needed to reach a wider audience within our large and diverse sector,” the memo says. “The development and promotion of these resources must recognize the range of resources and capabilities within the sector and will require a combined effort between the sector, government agencies, and other partners.”

The ISAC notes that the sector has made some strides in each of the areas it is seeking help with but cannot act on the need for Federal loans and grants without obvious Federal assistance.

Read More About
About
Lamar Johnson
Lamar Johnson
Lamar Johnson is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.
Tags