A well-functioning water- and wastewater system is a necessity in modern society, yet often something we take for granted. New technology such as innovative sensors, the Internet of Things (IoT), machine learning and artificial intelligence (AI) has made it possible to digitalise large parts of the industry. These developments have helped ensure more efficient and safer operations and water delivery. However, technological development has its downsides as well. With digitalisation and IoT comes new security challenges. How can the we ensure that our water remains safe and secure?
Increased digitalisation has proven to have many benefits. More efficient and streamlined processes have resulted in reduced costs, better monitoring of plants, and quicker response times in emergencies. At a time where the western world has no choice but to realise that clean tap water is not to be taken for granted, technology and digitalisation can contribute to better control and overview of resources. Simultaneously though, this development has led to new digital threats, for instance hacking.
“As with other critical infrastructure, there is a real fear that our drinking water may become a target for cyber criminals. Hacking is one of the potential threats that should be taken seriously, even though, security breaches at water plants are still rare, thankfully,” says Mike Loginov, Powel’s Chief of Cyber Security. “Up until now, serious situations have been avoided, although we have seen examples of hacker attacks on water plants.”
The question then, is this; How do water companies, water plants and local authorities ensure that they utilise the technology in the best possible way to secure water delivery whilst protecting themselves and inhabitants against possible digital threats?
“When it comes to securing ICT-systems and the information within those systems, your initial concerns should be to secure confidentiality, integrity and availability. For Powel, it is important to look at information security in relation to these three axes, both in developing our solutions and in how they are run,” says Jon Røstum, Head Strategist in Powel Water.
Confidentiality has to do with securing that information is available only to those with authorised access. Examples of loss of confidentiality are hackers getting access to confidential information that is stored or that network data ends up in the wrong hands.
“Although it sounds both obvious, I cannot stress the importance of good passwords and good routines enough. This is very important! Passwords should not be shared, and they should not be easily available to anyone outside those granted access. Nor should they be easy to guess, people know this, yet Password123 is still one of the most common passwords,” says Røstum. “We keep seeing examples where poor password routines have led to security breaches. Not specifically in the water sector, but in general. These security breaches may both cause financial losses and contribute to creating fear, yet in many cases they can easily be avoided if there are routines in place and these are being followed.”
Integrity and availability
Integrity is something of importance to most people to varying degrees. When it comes to integrity in relation to computer security, we are talking about ensuring that outsiders are not able to gain access and change information, or systems that process information. In short; integrity is about ensuring that information, methods and calculations are accurate and complete.
Loss of integrity happens when hackers log onto systems and change the information stored within them. The consequences of such a breach can be anything from something harmless to situations that can potentially cause a great deal of harm. Should a hacker be able to log into and take control over a pumping station, for instance, or the dosage of chemicals in the drinking water, you may suddenly find yourself in a very serious situation.
“One last area you should ensure you have covered is availability. This means ensuring that authorised users have access to information and relevant resources whenever they need it. If the operator is unable to log onto the system as and when needed, you may have a problem. As such, contingency planning is important to ensure that the network register is available even when communications are down,” finishes Røstum.
These and other relevant issues are only some of what Powel Security Services can assist you with. Through relatively simple steps, such as training and testing of systems and routines, we can help the water sector remain safe and secure.