By Robin Berthier, Co-Founder & CEO, Network Perception
As the world grapples with escalating cyber threats, the Biden administration has sounded a clarion call to state leaders: bolstering water cybersecurity is not just a priority but an urgent necessity. In March, the Biden administration warned governors that US water and wastewater systems represent an “attractive target” because of their essential nature and frequent lack of “resources and technical capacity to adopt rigorous cybersecurity practices.”
This warning comes at a time when the vulnerabilities of the water sector to cyberattacks have become increasingly apparent, highlighting the need for proactive measures to safeguard one of our most vital resources. In April, American cybersecurity firm and Google subsidiary Mandiant reported that Russian military intelligence hacking operation Sandworm has been linked to a string of recent attackers on water utilities in the United States, including a water system in Texas.
The Biden administration’s directive to state leaders emphasizes several key factors driving the imperative for enhanced water cybersecurity
Heightened Threat Landscape: Cyber threats targeting critical infrastructure, including water systems, have become more sophisticated and pervasive in recent years. Malicious actors, ranging from nation-states to criminal organizations, are actively seeking to exploit weaknesses in water infrastructure to disrupt operations, compromise data, and even endanger public health and safety. The administration’s warning underscores the gravity of these threats and the need for heightened vigilance
Potential for Catastrophic Consequences: A successful cyberattack on water infrastructure could have catastrophic consequences for communities and regions. Contamination of drinking water supplies, disruption of wastewater treatment processes, or tampering with critical control systems could lead to widespread public health crises, environmental damage, and economic disruption. Recognizing the severity of these risks, the Biden administration is urging state leaders to prioritize water cybersecurity as a matter of national security and public safety.
Interconnectedness with Critical Systems: Water infrastructure is intricately interconnected with other critical systems, including energy, transportation, and telecommunications. A cyberattack on water systems could have cascading effects, disrupting not only water supplies but also impacting essential services across multiple sectors. This interconnectedness underscores the need for a coordinated and comprehensive approach to cybersecurity that addresses not only individual water utilities but also their broader interdependencies within the critical infrastructure landscape.
Leveraging Federal Resources and Expertise: The Biden administration is committed to supporting state and local governments in their efforts to strengthen water cybersecurity. Through initiatives such as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), federal resources, expertise, and guidance are available to assist state leaders in assessing vulnerabilities, implementing best practices, and responding effectively to cyber threats. By leveraging federal support, state leaders can enhance their cybersecurity posture and better protect water infrastructure against evolving threats.
Building Resilience for the Future: As cyber threats continue to evolve, building resilience within the water sector is paramount. The Biden administration’s warning serves as a call to action for state leaders to invest in robust cybersecurity measures, adopt risk-based approaches to threat mitigation, and foster a culture of cybersecurity awareness and preparedness. By taking proactive steps to strengthen water cybersecurity, states can enhance their ability to withstand and recover from cyber incidents, safeguarding water resources for future generations.
In response to the Biden administration’s warning, state leaders must prioritize water cybersecurity as a top-tier concern, allocating resources, and attention commensurate with the gravity of the threat. Collaboration among federal, state, and local stakeholders is also essential to effectively address the multifaceted challenges posed by cyber threats to water infrastructure.
At the tactical level, the verification of network segmentation must continue to be prioritized. As attacks on water and wastewater networks grow in size and complexity, network segmentation divides the network into smaller subnetworks, or segments, and controls access between them. This can be accomplished by implementing firewalls, access control lists, and other security measures to control traffic flow between segments. By properly implementing network segmentation principles to protect critical assets, an organization can limit the impact of a cybersecurity breach resulting in continued operations and improved recovery times.The benefits of network segmentation are numerous and should be prioritized as a cyber hygiene best practice which assists with building a strong cyber resilient program.
By heeding the administration’s call to action and embracing a proactive approach to cybersecurity, state leaders can help secure our water systems against malicious actors and ensure the resilience and reliability of this critical resource.
About the Author
Robin Berthier is Co-Founder and CEO of Network Perception, a startup dedicated to designing and developing highly-usable network modeling solutions. Dr. Berthier has over 15 years of experience in the design and development of network security technologies. He received his PhD in the field of cybersecurity from the University of Maryland College Park and served the Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign as a Research Scientist.
Robin can be reached at [email protected]. More information about Network Perception can be found at http://www.network-perception.com
