The focus on cybersecurity in the water sector has been a growing concern for the Biden Administration since 2021. Despite efforts by various agencies and utilities in the sector, vulnerabilities remain due to undercapitalization and outdated technology. Intelligence reports have shown that potential adversaries, including the Chinese government, have shown interest in attacking U.S. water infrastructure.
Veteran cyber defenders have long acknowledged the lack of security controls, culture, and capacity in the sector. With an increased threat level, urgent action is needed to address these risks. Five key areas have been identified for improvement, including prioritizing cybersecurity on operational technology, monitoring supply chain risks, creating a new regulatory framework, enhancing infrastructure investments, and improving cyber resilience planning.
Implementing these priorities would enhance the security of water and wastewater facilities, pushing for more secure-by-design technologies and creating a new entity to lead cybersecurity requirements. This would set a standard for security technologies in water facilities and ensure that these standards are followed.
The emphasis on resilience is also crucial, as mandating resilience standards would require water sector organizations to plan and build resilience in case of incidents. This would reduce the likelihood of a cyber incident causing significant impacts on communities. Smart security and resilience regulations are seen as necessary additions to the purely voluntary approach, integrating cybersecurity and resilience into the cost of doing business.
Amidst the evolving cyber and supply chain risk environment, new strategies and policies are needed to address the challenges. The urgency to address these threats has been highlighted by the nation’s leaders, emphasizing the need for swift action.
Bob Kolasky, a Senior Vice President of Critical Infrastructure at Exiger, has been at the forefront of developing cutting-edge third party and supply chain risk management technology for the critical infrastructure community. With years of experience in the field, Kolasky’s expertise is valuable in developing solutions for the cybersecurity challenges faced by the water sector.
In conclusion, addressing cybersecurity vulnerabilities in the water sector requires a strategic shift towards more proactive measures. By prioritizing key areas, enhancing resilience, and implementing smart security and resilience regulations, the water sector can better prepare for potential cyber threats and ensure the safety and security of water delivery systems for communities across the nation.