By Peter Chawaga
In a bid to fortify critical infrastructure that has proven to be dangerously susceptible to digital harm in recent months, President Biden has released details that have been eagerly anticipated by drinking water treatment plants.
“The Biden administration announced … a new plan to secure U.S. water systems from cyberattacks, part of a broader effort to defend elements of domestic critical infrastructure from digital threats,” The Hill reported. “The administration intends to implement the plan over 100 days, according to the White House.”
The vulnerability of water systems to this type of attack has become abundantly clear lately. Recent hacking attacks have nearly poisoned drinking water in Florida, the Bay Area, and Baltimore. Even more recently, hackers staged attacks on wastewater facilities in Maine and California.
To combat this rise, the White House and U.S. EPA’s action plan is meant to spur water utilities to integrate new technology that detects cyber-threats to their systems, and to encourage water utility operators and federal officials to share more information with each other about these threats.
“As part of the new plan for the water sector, the EPA and the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security are setting up a pilot program that water utilities can participate in for ICS [industrial control system] monitoring, as well as engaging with utilities that have already adopted ICS monitoring,” per The Hill. “The Biden administration eventually plans to produce guidance for the water sector on ICS cybersecurity.”
The need for enhanced cybersecurity at these most critical centers for drinking water and wastewater is clear to many. And while the proposed White House plan for addressing this need may carry some challenges, many think it is a much-needed step in the right direction.
“There will be challenges given the distributed nature of our nation’s water systems, but with continued and increased levels of collaboration across government and private sector partners, improvements with the resiliency can be made,” Matt Klein, a field chief information security officer, told Security Magazine. “One hundred days is a relatively short amount of time; however, very clear tactical and strategic approaches to safeguarding water resources can be developed and communicated in this timeframe.”
To read more about how water systems prepare against cyberattacks, visit Water Online’s Resiliency Solutions Center.