No cybersecurity program is 100 percent secure. To expand that thought, no electronic communication can be 100 percent secure. Any vendor that publicizes or offers a guarantee should be immediately looked at with skepticism. However, as system owners and operators, it is your responsibility and that of your colleagues to reduce the attack vectors in your system to the point that it requires too many resources for potential adversaries to continue looking for vulnerabilities – whereas they can find an easier target elsewhere.
All too often, water system owners are still using legacy communication methods and devices to connect remote sites to central water plants, thus leaving an open pathway to remotely exploit. I have personally visited numerous public water systems within the Western United States that still do not encrypt any data or communications between sites. In fact, compromising a SCADA system is as easy as knowing the correct dial up phone number to call.
When thinking about connecting and communication security, several action items should be addressed:
Every water system owner wants to deliver safe potable water in a reliable method, while meeting the requirements of both state and federal regulators. Failure to encrypt communications can potentially open an attack vector to compromise the ability of a system owner to provide safe, potable water. Upgrading or enabling secure, encrypted communications between remote water sites and a central plant may prevent an unscheduled service disruption and further add to the integrity of the system. When in doubt, encrypt it out!
About the author: Darian Slywka is the Western Channel Manager for eWON, a Belgium-based industrial remote connectivity company providing secure solutions to OEMs, integrators, and infrastructure projects. His background and education includes environmental engineering, cybersecurity, and business development. He is licensed in water treatment and water distribution and holds numerous certifications in technology, networking, and more. Find him at http://darians.info