Why is Cybersecurity Important for Water Utilities?
Water infrastructure in America is particularly vulnerable to cybersecurity risks due to its smaller budgets and limited workforce. As such, it has become an increasingly attractive target for criminal and nation-state hackers alike.
Cyber attacks against water utilities can have devastating results. They may steal or exploit customer billing information, disrupt operations and make unauthorized modifications to system functions.
Cybercriminals can steal water
Cybercrime, also referred to as computer crime, is an illegal online activity that may include theft, fraud, hacking and cyber extortion.
Water utilities can be vulnerable to hacking attacks since they rely on computers for system management and operations. Therefore, it's essential to protect these systems from any potential threats.
Cybercriminals can use their access to a water utility's system to siphon off drinking water. In 2021, for instance, an attacker in San Francisco exploited TeamViewer, an inadequately protected software application, to infiltrate a water plant there.
Cybercriminals gained remote access to a water plant's system and deleted programs used for treating drinking water, leading to an increase in sodium hydroxide (lye) concentration in the supply.
Water utilities face a cybersecurity challenge that goes far beyond these incidents. As the industry develops and matures, more resources and guidance will be necessary to guard against cyberattacks.
Cybercriminals can disrupt operations
Water utilities have become a prime target for cybercriminals who aim to disrupt operations or steal data. They may do this by installing malicious software on computers or phishing water utilities in an effort to gain access to their systems.
Cyberattacks on water treatment systems can have grave repercussions, from financial loss to compromised public health. Recently, the FBI, CISA, EPA and National Security Agency issued warnings about malicious cyber activity targeting their information and operational technology (OT) networks, systems and devices.
Cyberattacks on water utilities can be hard to identify. Hackers may access a treatment plant's computer system and then adjust it in order to make treated water more toxic. Last year in Oldsmar, Florida for instance, someone remotely accessed the computer of the water treatment plant and increased lye levels–used for controlling pH–to an unsafely high level.
Cybercriminals can hold water for ransom
Cybercriminals have various motivations, from theft of funds to corporate espionage. To achieve their objectives, they often employ social engineering techniques and technical know-how; however, they also possess a ruthless edge in their actions.
One of the most frequent methods cybercriminals use to obtain money is ransomware. In this scenario, they threaten to delete a computer or device unless an agreed-upon amount of cash is paid.
Water utilities must safeguard themselves from such attacks, as if successful, could have severe repercussions for their customers and community. For instance, criminals who disrupt operations or damage sensitive data could cause major health effects.
Another type of attacker is script kiddies, who are less experienced hackers who rely on other skilled hackers' software and programs to launch attacks. Generally teenagers, these individuals target unprotected websites, schools, and gaming networks; they may even be employed by governments to disrupt online activity.
Cybercriminals can steal information
Water utilities may be particularly vulnerable to cybercrime due to their often handling personal information that could be used for extortion, fraud and blackmail. A hacker could easily steal this data by invading a utility's computer network.
Many attacks go undetected, making it difficult to pinpoint who is responsible. However, publicly reported incidents suggest there could be a range of actors responsible for them: hackers acting out of political ideology; disgruntled former employees seeking revenge; or cybercriminal networks driven by financial gain.
Cybercriminals can steal data by injecting malicious code onto a water plant's computer system. For instance, they could use remote access to install ransomware into the wastewater supervisory control and data acquisition (SCADA) system of the plant.
to read more click here:
https://www.acid-tech.com/solutions/cybersecurity-for-water-utilities/