Ensuring the security of water utilities

The growing digitalisation of public utilities has led to a significant rise in cybercrimes, and water solutions players are no exception. Calvin Lai, business manager, software and control, Rockwell Automation, outlines the security gap between IT and operational technology (OT), and suggests the best practices in conducting a holistic enterprise-wide security assessment.

Rockwell Automation develops new products and technologies to deliver process control solutions to help maximise productivity while reducing costs.

Increased systems interconnectivity and network accessibility have led to a rise in cybercrimes, threatening the security of both private and public sector assets. Last year, the Australian Cyber Security Centre (ACSC) reported a 15% increase in cyberattacks compared to the previous year. In February 2021, a water treatment plant in Florida was targeted by hackers who leaked a toxic chemical into their water systems.

Public utilities and critical infrastructure such as water treatment facilities are not exempt from security breaches; malicious actors can now more easily access and interrupt operations remotely, leading to potentially deadly outcomes. As more organisations across industries embrace technological innovation spurred by the disruptions caused by the pandemic, the speed of this transformation renders their physical information and intellectual property more vulnerable to cyberattacks.

As water solutions providers look to upgrade their systems and operations with the latest technologies, they must place equal importance on their cybersecurity investments.

The convergence of IT and OT
Most existing water facilities were built in the 1970s, with their brownfield operations in dire need of an upgrade after decades of service. Water industry players also face the challenge of integrating legacy systems with new innovations. The increasing convergence of IT and operational technology (OT) means there is no longer an “air gap” between business operations and the technology directly monitoring and controlling industrial equipment, assets and processes.

A common oversight is under-protecting OT systems in network security planning, which makes these systems a convenient “backdoor” for hackers. Older machinery and computer systems built before the age of high-speed Internet can also be a chink in the armour for ransomware attackers to penetrate. For example, while industrial control systems (ICS) that automate or remotely control processes grant workers more seamless access to an organisation’s system, they also serve as a free pass to an open and unsegmented network for hackers once breached.

The process of aligning and modernising IT and OT priorities may be extensive, complex and time-consuming. However, in the long run, this is an invaluable investment that not only neutralises potential threats but also protects the reputation and viability of a business charged with providing a service as critical as potable water.

The full article is available in the latest edition of Water & Wastewater Asia, Mar/Apr 2022 issue.