Industrial cyber attacks on water facilities have been on the rise over the past decade, culminating recently in several alarming events and even more concerning, some potentially lethal near-misses. The example at the top of everyone’s list of cyber attacks on water facilities is the attempted breach of the Oldsmar water treatment center in Florida. There are several reasons why this case has been so highly publicized:
Cyber security for water operations should be at the top of the priority list in order to prevent the possibility of a large-scale crisis. It has, however, proved tricky to ensure the necessary level of water utilities cyber security.
[inject id=’code-47fd23f73a9caecab1e206306adae7f9′]
There are several different factors contributing to this problem: in the case of the Oldsmar facility, old software and poor password protection was the culprit, and this issue exists in many industrial facilities, but in particular within water operations where budgets and staff are often limited.
Another contributing factor is the issue of OT vulnerabilities which has become the focus of attention for cyber security specialists. This problem has arisen as a result of the convergence of IT and OT systems.
Bringing industrial systems online allows for streamlining of services, as well as financial savings, but it also introduces the problem of a potential cyber attack, where before these vital systems were protected by their very nature of being isolated.
The need for adequate ICS cyber security for water operations is universal, but there is already a gap between the security levels in larger facilities and those in smaller, rural plants.
This is particularly relevant in the United States where water operations are split into many very small locally-run facilities with minimal staff. This fragmented structure leads to a compound problem: it increases the need for the systems to be online to ensure continuity of service, but this very same solution increases exposure to cyber attack.
Simultaneously, low staffing levels means that there are very few network experts available for prevention or even reaction, let alone cyber security specialists.
While it is true that the problem is complex, there are several steps that you can take to improve cyber risk management for water operations.
Radiflow will ensure that you have all the tools you need to fully protect your water and wastewater facility. A virtual digital map of your complete network highlights any weak points for you to SEE, and creates a base-line picture.
Radiflow’s CIARA industrial risk assessment and monitoring system enables you to KNOW what the problems are, and offers the opportunity to ACT to close any gaps and prevent breaches. Then, you can MONITOR on an ongoing basis, making it possible to update the security regularly in order to protect the water system and enable continuity of service.
To discover more about Radiflow’s innovative ICS solutions, contact us today and find out how Radiflow are working to protect water operations around the world,
Harmonizing risk and consequence strategies across IT and OT environments for greater cyber resilience
Strengthening OT Resilience: Protecting Critical Systems in a Rapidly Evolving Threat Environment
Quarterly ICS Security Report 2024 Q3