Simple Steps For Mitigating Cybersecurity Risk
Regardless of the industry, cybersecurity is at the top of priority lists for company leaders around the globe. After 50 years of innovation in technology, it will take a collaborative approach by government officials, industry leaders, and individuals to safely navigate the volatile cybersecurity landscape.
For utilities, a cyber-attack can cost millions of dollars, tarnish a reputation, and, in the case of water resources, even cost lives. The good news is that there are simple yet essential steps that every utility can start taking right now to improve its safeguards against these threats.
According to Black & Veatch’s 2021 Strategic Directions: Water Report, utilities’ resilience concerns surrounding cyberattacks have increased from 34% in 2020 to 56.2% in 2021.
The report theorizes that with the increase in remote work brought on by the pandemic, utilities are more vulnerable than ever to cyberattacks including ransomware, internal sabotage, and cyber terrorism. Underfunding is another contributing issue, as many utilities lack the funds to invest in cutting-edge security systems or to regularly audit their processes.
Cybersecurity Attacks Increasing in Frequency
On January 15, 2021, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. Utilizing popular remote work platform TeamViewer, the hacker used a former employee’s username and password to gain access to the plant’s computers. While no harm was caused by the incident, the hacker was successful in deleting programs that the plant used to treat drinking water.
A few weeks later, a hacker infiltrated the water treatment plant in Oldsmar, Florida through the same remote work software in an attempt to add dangerous levels of sodium hydroxide to the water. According to the FBI investigation, all the plant’s computers used the same password, and they were utilizing Windows 7, an operating system that Windows no longer supports. Each of these factors contributed to Oldsmar’s vulnerability and status as a potential target.
Published in 2020 in the Journal of Environmental Engineering, A Review of Cybersecurity Incidents in the Water Sector finds that there has been “an increase in the frequency, diversity, and complexity of cyberthreats to the water sector.”
Reported in the review was an attack that took place in 2016. An undisclosed water utility in the US (presented under the pseudonym of Kemuri Water Company) hired Verizon Security Solutions to perform an assessment of its water supply and metering system. The assessment revealed numerous high-risk vulnerabilities, including a reliance on outdated operating systems and computers. Digging deeper, Verizon found that the utility’s internet payment application and outdated AS400 computer system were linked, granting hackers access to any information stored in the AS400.
The forensic investigation unveiled an exfiltration of 2.5 million unique records and the hackers’ manipulation of chemicals and flow rates.
Again, outdated software and processing systems were the culprit behind the utility’s vulnerability. A Review of Cybersecurity Incidents in the Water Sector, which explores 15 recent malicious cyberattacks, emphasizes “the need for an adaptive, cooperative, and comprehensive approach to water cyberdefense.”
Understand that cybersecurity is a continuous process. Actively monitor and stay vigilant.
How Can the Water Sector Strengthen Security Resilience?
By looking at past cyber-attacks on water and wastewater plants, we can learn a lot about how to better steel our defenses against both internal and external infiltration.
Below are the FBI’s and the 2020 water cybersecurity review’s recommendations for increasing one’s security resilience:
• Use strong and diverse passwords and securely protect them
• Always use multi-factor authentication
• Update passwords
• Immediately change access permissions and passwords after terminating an employee
• Ensure anti-virus, spam filters, and firewalls are configured and secure
• Audit network configurations and isolate end-of-life computer systems
• Apply two-factor authentication whenever possible
• Train users to identify and report attempts or unusual activity
• Keep all software updated
• Separate SCADA systems from administrative networks
• Perform routine checks of systems such as email that contain confidential information
• Implement a monitoring mechanism to oversee data transfer for early detection and response
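As an added illustration (not part of the original article or the cited reports), the short Python script below turns four of these recommendations into checks over an inventory export: former-employee accounts left enabled, accounts without multi-factor authentication, passwords shared across machines, and end-of-life systems that are not isolated. The inventory fields, user names, host names and vault labels are hypothetical sample data constructed for the example.

```python
from collections import defaultdict
from datetime import date

END_OF_LIFE = {"Windows 7", "Windows XP"}  # vendor support has ended for both

# Constructed sample inventory; every name and value here is hypothetical.
ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "left_on": date(2020, 11, 30), "mfa": False},
    {"user": "asmith", "enabled": True, "left_on": None, "mfa": True},
    {"user": "operator1", "enabled": True, "left_on": None, "mfa": False},
    {"user": "bnguyen", "enabled": False, "left_on": date(2020, 6, 1), "mfa": False},
]
HOSTS = [
    {"name": "hmi-01", "os": "Windows 7", "isolated": False, "credential": "vault/plant-admin"},
    {"name": "hmi-02", "os": "Windows 7", "isolated": True, "credential": "vault/plant-admin"},
    {"name": "billing-01", "os": "Windows 11", "isolated": False, "credential": "vault/billing-01"},
]


def audit(accounts, hosts, today):
    """Return sorted (finding, subject) pairs for the checks described above."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot log in
        if acct["left_on"] is not None and acct["left_on"] <= today:
            # Takes priority over the MFA check: the account should not exist at all.
            findings.append(("former-employee-account-enabled", acct["user"]))
        elif not acct["mfa"]:
            findings.append(("no-multi-factor", acct["user"]))

    by_credential = defaultdict(list)
    for host in hosts:
        by_credential[host["credential"]].append(host["name"])
        if host["os"] in END_OF_LIFE and not host["isolated"]:
            findings.append(("end-of-life-not-isolated", host["name"]))
    for names in by_credential.values():
        if len(names) > 1:  # the same login is reused on several machines
            findings.append(("shared-password", ",".join(sorted(names))))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in audit(ACCOUNTS, HOSTS, date(2021, 2, 1)):
        print(f"{finding:34} {subject}")
```

Run on a schedule against real HR and asset exports, a report like this gives the routine check the list calls for rather than a one-time cleanup.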
The Main Takeaway
Protecting our source water and valuable data associated with our critical infrastructure requires active participation from everyone in the industry.
Have you assessed your company’s software or operating systems recently? How many are outdated, not in use, or no longer supported?
While not everyone has access to the same advanced security software, we can improve the sector’s resilience by always upgrading and updating software, staying on top of administrative access, and practicing secure password processes.