Water utilities utilize a plethora of devices that transmit real-time data online via Wi-Fi or cellular connectivity, such as remote flow sensors that transmit information to the operations center. The problem is that these connections can pick up and transfer viruses, malware or ransomware that can literally shut down water operations for a period of time, or even manipulate the amount of chemicals injected into the system in an effort to poison anyone who drinks the water. Click here for more technical info.
Although there have not been any reported instances of this happening in the water industry, a similar kind of cyber-attack has happened in the electric industry and therefore is a legitimate risk. And the risk is growing because the number of connected devices continues to increase, the frequency of data transmission from the devices is increasing as utilities inch closer to real-time information, and many of these devices are built using open source platforms that hackers can study to identify security holes.
But again, because a cyber-attack hasn’t really occurred in the water industry, it is not top-of-mind for most industry decision-makers and therefore it’s not a risk that is currently being taken particularly seriously. This is a huge mistake in my opinion because in the worst-case scenario many lives could be lost. Therefore, water utilities should continuously build awareness for this type of threat through employee training, and by conducting regularly-scheduled exercises and drills focused on cybersecurity scenarios. Not only will these tactics help build awareness of the risk, but it will also allow water utility personnel to practice dealing with a security breach. The bottom line is that the proliferation of IoT devices makes emergency preparedness even more critical than before, and it doesn’t matter what industry sector you fall into – everyone is at risk.