Federal agencies consider water systems as one of the nation’s top critical infrastructures. Living in a world where cyber intrusions are increasingly common in our personal and professional lives, the threat to water infrastructure is both real and serious. Given the essential nature of water service, it’s well known that water infrastructure – and water treatment plants of all sizes - are potential targets of people with bad intentions. So this critical infrastructure requires increased protection and the ability of water providers to detect, respond to, and recover from physical and cyberattacks.
While reports of cyber water attacks across the nation are unsettling, there are a few takeaways that should bring comfort. First, there have been reports of hackers being able to gain access to applications across the nation, however, in many cases, vigilant water operators have thwarted any potential harm. There’s no clearer demonstration that water professionals are essential workers, and the work they do each day protects us all.
Second, the water sector has been actively addressing cybersecurity issues for many years. In fact, in 2018 America’s Water Infrastructure Act requires utilities to complete a risk and resiliency assessment that must include cyber threats to enterprise systems and process control systems. This analysis is reported to the EPA and covers both the aforementioned risk and resiliency assessment along with an Emergency Response Plan.