Guarding Our Water: Addressing Cybersecurity Risks in Public Water Systems
Cybersecurity is a growing concern for many sectors, but for public water systems, the stakes are even higher. Recently, over 82 million people’s drinking water systems were found vulnerable to medium or low-threat cyber risks. This critical issue puts the spotlight on the pressing need for entrepreneurs and small business owners involved in this space to bolster their cybersecurity measures.
Unveiling Water System Vulnerabilities
An eye-opening report from the US Environmental Protection Agency’s (EPA) Office of Inspector General (OIG) revealed alarming cybersecurity vulnerabilities across the nation’s water systems. Out of 1,062 water systems assessed, 97 had either critical or high-risk cybersecurity weaknesses, directly impacting 26.6 million people. Even more striking is the additional 211 systems with medium and low-threat vulnerabilities, affecting over 82.7 million residents.
The potential for disruption is significant. Entrepreneurs in the water services space must assess their systems’ cybersecurity posture and take proactive measures to protect against these vulnerabilities. For a deeper understanding of this issue, Bruce Schneier offers a comprehensive look at cybersecurity frameworks for public entities, providing valuable insights for strengthening defenses.
The Challenge of Incident Reporting and Response
One surprising finding was the lack of a dedicated cybersecurity incident reporting system within the EPA for water and wastewater systems. This gap in communication and coordination can hinder timely responses to cyber incidents. Instead, the EPA relies on the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), although the effectiveness of this arrangement has been questioned (see the full report by the National Infrastructure Advisory Council).
Small business owners and entrepreneurs should consider establishing their own reporting protocols while advocating for systemic improvements at the federal level. This will not only protect their operations but also contribute to a more robust national defense against cyber threats.
The Rising Threat of Cyberattacks
Cyberattacks on water systems are not just hypothetical threats—they’re a reality. High-profile incidents like the cyberattack on American Water and the Municipal Water Authority of Aliquippa underscore the urgency. The frequency and sophistication of these attacks are growing, and it is crucial for water system stakeholders to stay vigilant.
The EPA has consistently highlighted these risks, underscoring the need for increased security measures. Their active communication with state authorities serves as a crucial reminder for businesses and stakeholders to remain informed about potential threats and understand the importance of cybersecurity in safeguarding public resources.
Building Resilient Water Systems
As Dominique Joseph from the EPA pointed out, focusing on long-standing concerns related to cybersecurity in the water sector is essential. Entrepreneurs and small business owners can initiate change by proactively incorporating risk management strategies and incident response plans. The Cybersecurity and Infrastructure Security Agency’s framework offers guidance on protecting water infrastructure, outlining best practices tailored specifically for this purpose.
Conclusion: A Call to Action
Entrepreneurs and small business owners in the water sector stand at a critical juncture. The OIG’s report is more than a wake-up call—it’s an opportunity to fortify our water systems against potential threats. By learning from experts and leveraging available frameworks, businesses can play a definitive role in protecting one of our most essential resources: clean, safe drinking water. The time to act on cybersecurity weaknesses is now, ensuring both business continuity and public safety.