Remote alarm notifications add firewall as utilities face mounting threats of cyberattacks

Municipal utilities are critical to national security, economic stability, and public health and safety. As technology in these sectors evolves, cyberattackers take advantage of opportunities to exploit vulnerabilities. While the Federal Government has taken steps to address this issue by creating innovative public-private partnerships and initiatives, the worldwide attacks on municipal utilities in the past year have virtually doubled. Additionally, because of the geopolitical unrest, cyberattacks have become such a threat that President Biden has urged private sector partners to immediately harden cyber defenses.

Although replacing legacy systems and networks can be extremely costly, it is essential to work with vendors and cybersecurity experts to implement updates and, if necessary, overhauls of outdated systems. Invoke the help of internal or external advisors to prioritize risks and develop a realistic approach and plan for enhancing cybersecurity. At a minimum, utilities must comply with basic standards including restricted physical and technical access, firewalls, logging and encryption.

Many Supervisory control and data acquisition (SCADA) systems are simply over-exposed to the internet by remote desktop applications (e.g. RDP and TeamViewer). To offer process and asset information to operators, organizations have provided much more, ignoring the principle of least privilege and opening their entire control systems and their hosts to remote desktop access by unnecessary parties. Such broad remote access techniques present an increased security risk for organizations, a risk that Oldsmar experienced firsthand when an improperly secured TeamViewer application allowed an unauthorized party to increase the amount of sodium hydroxide being added to their water treatment process.

To read the complete article, visit American City & County.