News broke this morning about a hack into a Tampa area water plant. While it appears that the attempt was thwarted and the water safety was not compromised, the incident raises a significant red flag about the danger. This attack is the latest in an alarming trend of targeted attacks on critical infrastructure facilities. Cyber security specialists have long warned that public utilities are easy targets for bad actors because they often use outdated technology. Proactive boards and operators are now exploring ways to examine potential threats and take steps to mitigate the risks to their facilities. There are several options available to expose potential weaknesses as well as means by which to secure them.
According to America’s Water Infrastructure Act of 2018, water districts serving more than 3,300 people must perform risk assessments of “the risk to the system from malevolent acts and natural hazards” by June 30, 2021. In August 2019, the EPA issued guidance on the types of malevolent acts that included any disruption to a system’s ability to provide safe and potable water or threaten public health. This requirement takes the first step in addressing the risks, but may not go far enough to truly protect local water supply.
How is your district protecting itself?