Simplifying cybersecurity for the water sector – a reminder on World Water Day
World Water Day is a UN initiative celebrated every March 22. It honors water and focuses on those deprived of it. The occasion is a persuasive aide-memoire to the human world to deal with the global water crisis.
Population growth has increased the demand for water, and water management organizations are driven to conserve and manage this essential resource. To do so, the sector uses a wealth of digital information (data sharing between a water management entity’s business [IT] and operational-technology [OT] networks) to make informed decisions that serve the on-demand needs of communities as well as meet environmental and economic regulations.
Keeping this Valuable Resource Safe
Water operations may not see themselves as a target for cyber-crime. However,because they manage infrastructure that supplies a life-critical resource, their operations are vulnerable to threats and are a tempting target for potential terrorists. Analysts, including those at welivesecurity.com, tell us “Critical infrastructure attacks are on the rise,” and cyber attacks on vital infrastructure, such as electrical grids and water distribution systems, have escalated.
In the water sector, a cyber attack could employ any of four different threat vectors:
- Chemical contamination
- Biological contamination
- Physical disruption
- Interference with the Supervisory Control and Data Acquisition (SCADA) systems
And any disruption of the availability of safe drinking water can have disastrous effects on local health and economies. Imagine the impact if a waste treatment facility’s operation were hacked and tons of raw sewage were to flow down a local river! Unfortunately, we’ve already seen this: In 2000, a hacker caused 800,000 liters of untreated sewage to flood the waterways of Maroochy Shire in Queensland, Australia.
“Marine life died, the creek water turned black and the stench was unbearable for residents,” said Janelle Bryant of the Australian Environmental Protection Agency.1
Security Best Practices are Vital
Cyber defense must be part of every water management organization’s digital transformation strategy – not only to ensure the integrity and availability of safe drinking water, but also to protect sensitive or private data.
Traditional approaches to cybersecurity in the water sector have been to invest in disparate products and technologies. Historically, IT and OT networks have been completely separate, with separate protections as well as separate groups to manage and control them. Now, OT networks are moving to more standard IP networks, and digital information monitoring is required to meet increasing water demand, regulatory compliance and business efficiency requirements. It is clear there is an appetite to converge these elements. But, this new environment calls for a different approach to data security, such as encryption, user access control and key management, which are all best practices for data protection.
World Water Day reminds us of the importance of this limited resource. In today’s digitally transforming world, water, like just about every critical resource, is managed using complex digital technology. Protecting water and its delivery means protecting data and systems, and we in data security have a critical role to play in conserving and delivering a safe water supply to the world today and in the future.
I hope you will have a happy, and meaningful, World Water Day this year.
For more information on Thales’sencryption technologies, please visit our website.
The post Simplifying cybersecurity for the water sector – a reminder on World Water Day appeared first on Data Security Blog | Thales eSecurity.
*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Nisha Amthul. Read the original post at: https://blog.thalesesecurity.com/2019/03/22/simplifying-cybersecurity-for-the-water-sector-a-reminder-on-world-water-day/