News Feature | November 1, 2017

New York Water System Audit Finds Cyberattack Risks

Sara Jerome

By Sara Jerome,

hacker reg new

An audit by New York state found that the water and wastewater systems in the city of Glen Falls may be vulnerable to cyberattacks.

“City officials were faulted for not requiring more complex passwords and mandating that they be changed every 90 days. They also were using software that is no longer updated and did not stay current on new security threats, according to a report from the state Comptroller’s Office,” the Glen Falls Post-Star reported.

The audit occurred as part of a random review of municipalities. Among the problems cited in the audit, which reviewed practices between 2015 and 2017: Employees are not trained on cybersecurity issues and computers connected to water and wastewater networks are used for personal reasons, according to the report.

“In addition, the audit faulted the city for not adopting a policy that prohibits its information technology and wastewater vendors from disclosing city system information on the internet or to prospective clients. Auditors were able to search the internet for system details, which left the city vulnerable to potential attackers,” the report said.

Mayor Jack Diamond said the city responded with a draft plan for addressing the issue. Officials said the city has already scheduled new trainings to address some of the issues.

“We’ve already got some significant improvements, but with security there’s always something more that we can do. We’re still addressing the points raised by the cybersecurity experts with the state Comptroller’s Office,” City Engineer Steve Gurzler said, per the report.

Federal officials are also working to urge water utilities to pay more attention to the rising threat of cyberattacks.

“This will become a greater issue in the future, as more water systems try to cut costs by moving toward full automation,” Bloomberg BNA reported, citing federal aides.

The National Institute of Standards and Technology makes tools available to utilities to help assess cybersecurity risks.

To read more about cybersecurity efforts at water and wastewater utilities visit Water Online’s Resiliency Solutions Center.

Image credit: "hacker-1," iaBeta © 2017, Public Domain: