By Iishi Patel
Cybersecurity threats to drinking water and wastewater systems have been a growing concern in recent years. The increasing use of automation and technology integration in these systems has made them more vulnerable to cyber attacks, potentially putting public health and safety at risk. There are more than 52,000 community water systems in the United States, and most are run by local governments, many of which are very small and may not have the resources to improve their cybersecurity.
In February 2021, a hacker gained unauthorized access to a water treatment plant’s computer system in Oldsmar, Florida. The hacker raised the level of sodium hydroxide in the water supply, which could have caused serious health problems if not detected and reversed quickly. Since then, many states have issued alerts to water systems and taken steps to improve their cybersecurity measures. However, small water utilities often lack the resources to ensure their cybersecurity is strong, and there are concerns that insiders could also pose a threat.
The Water Data Forum’s latest episode, held on March 9, 2023, focused on cybersecurity and interoperability challenges faced in the water sector due to the adoption of digital capabilities, with an emphasis on developing national databases for water pipes, implementing AI, and minimizing cybersecurity risks. In the panel discussion on intelligent water systems, experts from various fields came together to share their insights and experiences. The focus was on the challenge of creating a national database for water pipes, which requires collecting data from various utilities in different formats and using different software. The speakers emphasized the need for data to be standardized, interoperable, and accurate to enhance service delivery and ensure that data analysis provides useful knowledge and wisdom. Dr. Sunil Sinha, the Director of the Sustainable Water Infrastructure Management (SWIM) Center at Virginia Tech, proposed that the water sector in the USA can learn from other advanced sectors such as transportation and smart electric grids to speed up their adoption of data-related standards and interoperability models to ensure swift adaptation of cybersecurity practices.
Additionally, in November 2022, the National Cybersecurity Center of Excellence (NCCOE) announced the formation of a group dedicated to securing the water industry from cyber threats. The NCCOE seeks guidance from the industry and has created cybersecurity best practices for the water sector. The organization’s goal is to offer education, testing, and complementary resources to support the water industry in developing stronger defenses against cyber attackers.
The Biden-Harris Administration has extended the Industrial Control Systems (ICS) Cybersecurity Initiative to the water sector, with the Water Sector Action Plan outlining actions to improve cybersecurity over the next 100 days. The plan will assist owners and operators in deploying technology that provides cyber threat visibility and sharing cybersecurity information with the government and stakeholders. The plan will initially focus on utilities serving the larger populations but will lay the foundation for enhanced ICS cybersecurity across water systems of all sizes.
Overall, when it comes to designing a cybersecurity strategy for the water sector, it is important to assess the organization’s current ability to manage people, processes, and technology, and determine their level of maturity. After this understanding, we need to secure the organization’s data with a focus on asset management, data integrity, remote access, and network segmentation and aim to align business needs and cybersecurity requirements. Hence, interoperability and cybersecurity should be viewed as complementary rather than separate, with increased interoperability potentially leading to improved cybersecurity. However, to implement these kinds of strategies on a national level, there is a need for a common methodology and standards for the water sector, which can be achieved through standardized system engineering. It is suggested that academic institutions and professional associations collaborate to lead the development of these standards.
Join the upcoming Water Data Forum webinar on June 16, 2023, which will be focused on a cross-sector discussion of wastewater surveillance for public health.
Contact the MBDH to learn more, or if you’re aware of other people or projects involved in water data and cybersecurity that we should profile here. We invite participation in any of our community-led Priority Areas. The MBDH has a variety of ways to get involved with our community and activities.
The Midwest Big Data Innovation Hub is an NSF-funded partnership of the University of Illinois at Urbana-Champaign, Indiana University, Iowa State University, the University of Michigan, the University of Minnesota, and the University of North Dakota, and is focused on developing collaborations in the 12-state Midwest region. Learn more about the national NSF Big Data Hubs community.