Many water and wastewater utilities, particularly small systems, lack the resources for a cyber security program. Many utility personnel may believe that cyber attacks do not present a risk to their systems or feel they lack the technical capability to improve their cyber security.
Florida Hack
In 2021, hackers accessed the water treatment plant of a small Florida city. According to the Tampa Bay Times, the intrusion lasted only three to five minutes. At that time, the sodium hydroxide level being fed to Oldsmar, Florida, changed from 100 to 11,100 parts per million. An employee took five and a half hours to notice the change.
“This is dangerous stuff,” Pinellas County Sheriff Bob Gualtieri said at a news conference. Consumed in large quantities, sodium hydroxide can cause vomiting, chest and abdominal pain, skin burns, and even hair loss, according to the Centers for Disease Control.
Kansas Rural Water
In April of this year, a U.S. grand jury indicted a 22-year-old man for allegedly hacking the computer system of a rural water utility in Kansas and shutting down processes that affect procedures for cleaning and disinfecting water.
Federal prosecutors allege in an indictment that Wyatt Travnichek logged into Ellsworth County Rural Water District’s computer system in 2019 as part of an “unauthorized remote intrusion” that resulted “in the shut-down of the facility’s processes.”
Widespread Danger in Drinking Water Safety and Cyber Security
Water might be the most vulnerable U.S. critical infrastructure to hackers. It’s the hardest to guarantee everyone follows cyber security steps and the easiest to cause significant, real-world harm to many people.
According to the Cybersecurity and Infrastructure Security Agency (CISA) survey, only several hundred out of more than 50,000 across the U.S. choose to use CISA’s services. The survey also noted that as many as 1 in 10 water and wastewater plants had recently found critical cyber security vulnerabilities. More than 80% of the significant vulnerabilities that the surveyed facilities had were software flaws discovered before 2017, indicating a rampant problem of employees not updating their software.
There is hope and help.
Utility personnel can follow basic cyber security best practices as long as they have cyber security specialists audit their system and provide cyber hygiene training for their employees.
At Commonwealth Sentinel, we can evaluate your existing IT security and work with your team to improve it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things.