• Home
  • Blog
  • Facebook
  • LinkedIn
  • Twitter
Menu

Peter Cavicchia

Street Address
City, State, Zip
Phone Number

Your Custom Text Here

Peter Cavicchia

  • Home
  • Blog
  • Facebook
  • LinkedIn
  • Twitter

How Secure Are Our Water Supplies From Cybercriminals?

July 27, 2021 Pete Cavicchia
hacking.jpg

Earlier this year, a hacker was able to infiltrate the water supply in Oldsmar, Florida. The cybercriminal was able to increase the levels of lye, or sodium hydroxide, in the city’s water treatment system. Luckily, a city worker detected the hack and reversed any potential damage done, reports the BBC.

The cyberattack touched on both cybersecurity and public health concerns, one of multiple recent examples of how vulnerable our nation’s water supplies are to ever more sophisticated hackers.

The threat to the nation’s water supplies

Another similar example came on January 15, when a hacker attempted to attack a water treatment plant that is used by portions of the San Francisco Bay Area. The cybercriminal utilized the login information for the program that employees of the plant use to operate their computers remotely. The hacker — who has yet to be identified — deleted programs used by the plant to treat the area’s drinking water. This person’s activity was detected the next day, prompting the plant to immediately reinstall programs and change login information for employee accounts, reports NBC News.

In their broad-ranging report, NBC spotlights just how vulnerable our nation’s water system is to hacks — more than other sectors of our infrastructure.

This is due to the fact that water systems nationwide are difficult to institute universal cybersecurity safeguards and, unlike other parts of the infrastructure, can have severe impacts on the population at large if tampered with.

One benefit of our nation’s water supplies is that each system differs, there is no centralization. This means it would be very difficult to carry out a nationwide hack all at once given that each water facility functions on its own. On the flip side, this means there is no standard protocol that each system can implement. This results in a somewhat chaotic situation.

"It's really difficult to apply some kind of uniform cyber hygiene assessment, given the disparate size and capacity and technical capacity of all the water utilities," Mike Keegan, an analyst at the industry trade group, the National Rural Water Association, told NBC. “You don’t really have a good assessment of what’s going on.”

The vulnerabilities of local water systems

The threat is very real. NBC reports there are more than 50,000 drinking water facilities throughout the country. Most of them are nonprofit companies. While some are for the nation’s large metropolitan and urban centers, many provide drinking water for rural areas that might not have the means, staff, or defense protocols in place to defend against a major cyberattack.

A big problem facing these rural water facilities is the fact that many rely on remote employee system logins as with the situation in Oldsmar.

For facilities located in difficult-to-reach rural areas — an employee might have to drive 50 miles to work at a water treatment plant — and in a year where the pandemic saw all industries embrace work-from-home routines, we are facing an environment where these rural facilities are especially vulnerable.

NBC reports that some light is on the horizon. Congress just gave the Cybersecurity and Infrastructure Security Agency (CISA) authority to compel Internet providers to reveal the identities of organizations and companies that are prone to hacks. The Biden administration is also aiming to begin a cybersecurity initiative, an overdue collaboration between these water plants and the U.S. government.

Hopefully, we are entering an era where we are particularly vigilant about keeping the water we drink — and our communities depend on — are safe from cyberattacks.

Tags Water Supply, Nationwide Hack, NBC