As technology becomes increasingly intertwined with how the United States operates its critical infrastructure, the risk of cyber attacks against vital public services is also increasing. Recent incidents involving hacks on public water systems have underscored the urgent need to protect essential services from cyber attacks.
The United States Federal Bureau of Investigation now ranks cybercrime as one of its most important law enforcement activities. In a statement from the United States Department of Energy, "In addition to the general problems associated with cybercrime, critical infrastructure related to energy production, manufacturing, water supply and other systems have come under attack."
Recent reports indicate a staggering 4,000 percent increase in attacks in the United States since 2013, underscoring the need for robust cybersecurity practices. This is emphasized as geopolitical tensions escalate worldwide, making the susceptibility of vital public services increasingly transparent.
A hacking group with ties to the Russian government is suspected of carrying out an attack against Muleshoe, TX, with several attempts against other rural Texas towns including Lockney and Hale Center.
And while Muleshoe was the victim, it's possible the town itself was not the actual target of the attack.
“Bad actors can sometimes hack into other systems that give them access to that software,” said SitePro Marketing Manager, Kembra Howell in a report to KCBD.
FBI Director Christopher Wray testified before Congress just last week that Chinese hackers were preparing to "physically wreak havoc" on United States critical infrastructure. In a Fox News report, Wray claimed the hacking campaign "has embedded itself successfully in several American critical infrastructure companies that include telecommunications, energy and water, and others."
Which is why several government agencies are warning infrastructure operators to take action against future cyber attacks.
Understanding the Threat:
Critical infrastructure, comprising of systems vital for the functioning of society, has emerged as a prime target. This includes water, wastewater, and energy systems. Because cyber threats are unfortunately becoming more common, municipalities and other governing entities need to be proactive to protect against breaches, hacks, and ransoms.
So How are Water Utilities Affected?
More and more public water systems are incorporating technology into their systems. Nowadays, SCADA (supervisory control and data acquisition) systems are essential for efficient operations in most water systems across the country. That computer technology in itself can make systems susceptible to cyberthreats. As more infrastructure becomes capable of communication, control, and data acquisition, cybersecurity must become of utmost importance.
The Environmental Protection Agency (with assistance from the United States Department of Homeland Security) is in charge of detection research and response among public water systems. According to the EPA, under a cyber attack, "water system operators can lose their ability to track the true status of the water system. Thus, water system managers need to improve their ability to know:
- when their treatment systems, pumps, valves, tanks, etc. are being compromised.
- how to quickly stop an attack,
- how to recover so that safe and full service can be returned to the community."
READ MORE: "Water Security: How Safe is Our Nation's Most Precious Resource?"
Protecting Drinking Water Systems Specifically
The good news is, simple cybersecurity practices can be very effective in eliminating vulnerabilities. And while most water managers are unfamiliar with information technology and maybe even SCADA technology (especially smaller public water systems), there are simple ways to promote a cybersecurity culture. Here are a few tips recommended by the EPA:
-
- Cybersecurity training for core SCADA-using staff members
- Updating to the latest version of the operating system
- Multi-factor authorization
- Strong passwords to protect remote access
- Ensure anti-virus and firewalls are up-to-date
- Audit network configurations
- Ensure you choose a SCADA system that logs all activity and changes to the system
- Train users to identify and report attempts at social engineering or phishing
- Identify and suspend access of users exhibiting unusual activity
WATCH: KCBD: "Lubbock software solutions company offers tips to guard against cyberattacks"
SitePro partners with public water systems of all sizes to help them securely manage their critical water infrastructure. Our award-winning software has been recognized by various government entities such as the Department of Defense, Homeland Security, Army, Navy and Air Force for its impact on national security.
Our subscription-based software ensures your network configurations and firewalls are always up to date with the latest technology and upgrades. Real-time data collection and analysis allows your operators to be alerted of any unusual changes to your operations, and our real-time remote control ability allows them to react promptly.
Users can easily be added and removed to your SitePro platform, so only authorized operators have access to your critical infrastructure. Our customer success team also ensures your water operators are properly trained in using the software, so you can monitor and control your water and wastewater operations with confidence.
To learn more about our technology and how to leverage it to protect your water and wastewater systems, give us a call at 806-687-5326.
Reserve your best time to talk.