The small Aliquippa water authority in western Pennsylvania, with minimal cybersecurity measures, fell victim to an international cyberattack alongside other water utilities.
According to federal authorities, Iranian-backed hackers targeted equipment used at the plant due to its Israeli origin. The incident at the Municipal Water Authority of Aliquippa has raised concerns among U.S. security officials about the vulnerability of water utilities to cyber threats. This risk has prompted increased attention from both state and federal governments seeking to help utilities and other businesses fortify their cyber-security defenses against such attacks.
Here are 3 ways that we believe water utilities and other similarly equipment-intensive businesses can help to defend themselves against these types of cybersecurity attacks.
Enhanced Cybersecurity Measures: Enhanced security measures include regularly updating and patching software, conducting thorough risk assessments, and employing advanced intrusion detection systems. Also, by enforcing strict access controls and encryption methods, utilities can significantly reduce the risk of unauthorized access and malicious manipulation. Smaller utilities that have not updated their security measures in quite a while can be particularly prone to attack.
Data Classification and Protection: Another defense is regularly updating and backing up critical information related to your company’s infrastructure, operational systems, and customer data. Particularly, for utilities that have limited resources, executive staff should prioritize the protection of high-value and service-critical targets and equipment, so that they can allocate resources more effectively and ensure that essential data remains secure.
Employee Training and Awareness: Effectively educating employees on potential risks, particularly as they relate to the management of data is a cornerstone of any defensible and well-run information governance program. Specific topics include educating employees about cybersecurity (including topics like social engineering and phishing), using backup systems, privacy, and records management. And, regular training sessions and updates are essential for companies looking to stay ahead of evolving cyber threats.
Failing to take proper precautions can not only lead to legal and regulatory liability, significant costs, and embarrassment but can threaten lives – particularly for customers of critical services like water utilities with limited choices, who need access to safe water sources. And, information governance best practices help to provide many of the proactive solutions to prevent or minimize the impact of attempted cyberattacks.