Cybersecurity – one of greatest threats to water utilities.

Water is the essence of life. In our everyday life, it is an invisible indispensable resource, whose existence is noticed when it is time to pay the water bill or when water doesn’t come from the faucet. What would happen if an external force would hack into water utilities’ systems, with the aim to disrupt or stop water flow altogether. There are even more frightening scenarios.

Threat to everyone
For the past years, there has been a lot of discussion about cyber security, even here in the Nordics when Sweden warned our top government officials that they had possibly noticed intruders. In Finland in the last three months the financial sector and telecom industry have both suffered service disturbances due to hackers. Recently, a cyberattack on a steel factory in Germany caused large-scale damage, when production systems were hijacked by unknown individuals. On top of individual attacks, the general political stability is deteriorating in Europe, due to multiple escalating situations in many corners of the world. Even regular people are worried about information war and cyber security, as everyone is becoming aware of what it means when our personal data is misused for sinister purposes.

As cyber crime continues to grows into the threat of cyber terrorism, water utilities may be targets – and water utilities are poorly prepared.

Unaware of problems
The same threats apply to water utilities as to any infrastructure service provider in energy, finances, transport or telecommunications. What water utilities guards dearly, i.e. customer billing information, is actually of little interest to outsiders. However, the key systems that upkeep the distribution, safety and quality of water, are of most interest to outside forces and currently the most vulnerable. Infiltration and hack tests made in several countries showed that water utilities were not even aware of shortcomings in security, which made it very easy to infiltrate into key systems.

Old systems are the problem

Once in, intruders can take control of key processes; start and stop machines, change users’ rights and even build back doors for later system exploitation. One of the central problems and main reasons why it is easy to break into systems are the old SCADA systems, which were developed in the 1980’s before security issues were properly recognized. These systems can rarely be updated to current security standards, yet they continue to be the main backbone of many water utilities and simultaneously their weakest link.

Even the most up to date security measures alone are not enough to stop a skilled hacker, and not nearly enough against hostile governments. An external force can cause complete chaos by taking a water utilities company into control and disrupt, sabotage or even stop water distribution completely. Water utilities should take this threat seriously and upgrade technical solutions and processes to the 21st Century. Nobody even dares to imagine what terrorists could cause if they decided to attack civilian targets en masse. Water utilities seems to be one of the easiest targets.