Remote alarm notifications add firewall as utilities face mounting threats of cyberattacks
Municipal utilities are critical to national security, economic stability, and public health and safety. As technology in these sectors evolves, cyberattackers take advantage of opportunities to exploit vulnerabilities. While the Federal Government has taken steps to address this issue by creating innovative public-private partnerships and initiatives, the worldwide attacks on municipal utilities in the past year have virtually doubled. Additionally, because of the geopolitical unrest, cyberattacks have become such a threat that President Biden has urged private sector partners to immediately harden cyber defenses.
Remote alarm notification software offers additional security
A report by the American Water and Works Association, “Cybersecurity Risk & Responsibility in the Water Sector,” states that “…Failing to address cybersecurity risk in a proactive way can have devastating results. Failing to take reasonable measures and employ best practices to prevent, detect, and swiftly respond to cyber-attacks means that organizations and the people who run them will face greater damage—including technical, operational, financial and reputational harm—when the cyberattacks do occur.”
Utilities face myriad challenges to managing cyber risk due to varying infrastructure and entities of vastly different sizes, capabilities, resources and types of ownership. However, turning to additional technology is one answer.
Although replacing legacy systems and networks can be extremely costly, it is essential to work with vendors and cybersecurity experts to implement updates and, if necessary, overhauls of outdated systems. Invoke the help of internal or external advisors to prioritize risks and develop a realistic approach and plan for enhancing cybersecurity. At a minimum, utilities must comply with basic standards including restricted physical and technical access, firewalls, logging and encryption.
Many Supervisory control and data acquisition (SCADA) systems are simply over-exposed to the internet by remote desktop applications (e.g. RDP and TeamViewer). To offer process and asset information to operators, organizations have provided much more, ignoring the principle of least privilege and opening their entire control systems and their hosts to remote desktop access by unnecessary parties. Such broad remote access techniques present an increased security risk for organizations, a risk that Oldsmar experienced firsthand when an improperly secured TeamViewer application allowed an unauthorized party to increase the amount of sodium hydroxide being added to their water treatment process.
To read the complete article, visit American City & County.