News Feature | December 10, 2013

Cyber Attacks Up By 60 Percent At Water Utilities

Sara Jerome

By Sara Jerome


Water and wastewater utilities are experiencing a growing number of cyber attacks. 

That's according to data collected by the Repository for Industrial Security Incidents (RISI), an industry-wide organization devoted to tracking cyber crime. They published the data in the 2013 Report On Control System Cyber Security Incidents. 

RISI said cyber incidents experienced by the water and wastewater industry have gone up by 60 percent in recent years. 

Michael Deane, the executive director of the National Association of Water Companies, explained this week in the Huffington Post that, for water utilities, "a cyber attack could hone in on four different threat vectors: chemical contamination, biological contamination, physical disruption and interference with the highly-specialized computer systems controlling essential infrastructure known as Supervisory Control and Data Acquisition (SCADA) systems."

He applauded the public and private sector for "coming together” to provide secure networks in critical infrastructure systems.

"While efforts to develop cyber-related standards in our sector are ongoing, private water companies have made particularly great strides in minimizing their risk of exposure to cyber-related incidents and events," he said.

They have accomplished that by "by leveraging a voluntary public-private partnership model with government and industry stakeholders to implement meaningful cyber protocols and protections in order to secure the communities they serve," he explained. 

The problem is prevalent at utilities. "America's water and energy utilities face constant cyber espionage and denial-of-service attacks against industrial-control systems, according to the team of specialists from the U.S. Department of Homeland Security," Network World reported.  

The EPA urges water utilities to get strong cyber security systems in place: "A cyber attack causing an interruption to drinking water and wastewater services could erode public confidence, or worse, produce significant public health and economic consequences."

The National Institute of Stands and Technology (NIST) released a new cyber security framework this year. Water interests have weighed in heavily on the development of NIST’s cyber security framework. Earlier this year, the agency collected comments on how to improve cyber security for critical infrastructure, and various water stakeholders voiced their views.

For in-depth cyber security coverage from Water Online, click here