Industrial controls governing water-related U.S. critical infrastructure are woefully under-estimated as cyberattack targets. The potential for attack is too great to ignore, with potentially devastating consequences. On Wednesday, the Center on Cyber and Technology Innovation (CCTI) and the Cyberspace Solarium Commission (CSC 2.0) released policy statements based on a recent panel discussion titled “Strengthening the Cybersecurity of American Water Utilities.” Water may be the greatest vulnerability in our national infrastructure, said Samantha Ravich, chair of CCTI. Much of the problem lies in just how decentralized water systems are, she explained. “Each of these systems operates in a unique threat environment, often with limited budgets and even more limited cybersecurity personnel to respond to these threats,” she said. “Conducting federal oversight of, and providing sufficient federal assistance to, such a distributed network of utilities is inherently difficult.” Panelists included representatives from government and environmental agencies, including the Environmental Protection Agency (EPA), American Water Works Association and congresspersons within the United States House of Representatives.
Especially with the rise in hostility between NATO and Russia in the context of the war in Ukraine, threat actors targeting critical infrastructure in the U.S. and EU is likely to be on the rise. Critical infrastructure organizations should step up security measures and increase budgets for cybersecurity, if possible. There are information security firms that specialize in ICS security that may be worthwhile looking into, as securing ICS is an especially niche skillset.