"Water Utilities Ill-Prepared to Deal with Cyber Threats"

The cyberattack on a water treatment facility in Oldsmar, Florida, in which a malicious actor compromised a control system and attempted to taint the municipal water supply, drew further attention to the importance of improving cybersecurity for water utilities. The cybersecurity firm ThreatLocker recently released a report on the unique challenges faced by water companies in trying to strengthen their cybersecurity posture. One of the biggest issues faced by water utilities is the way in which they are structured and funded. Cybersecurity budgets for water utilities have been found to be significantly low. Regarding IT and OT cybersecurity budget allocation, 38 percent of systems allocate less than 1 percent of the budget to IT cybersecurity, and 44.8 percent of systems allocate less than 1 percent of the budget to OT cybersecurity. ThreatLocker CEO Danny Jenkins points out that the lack of investment in cybersecurity at the municipal level raises concern, given the criticality of water resources. In addition to securing IT assets, water utilities must think about the physical systems that are responsible for cleaning and delivering drinking water. Jenkins encourages water companies to implement controls wherever possible to strengthen their cyber defenses in the short term. It is recommended that water companies implement controls to block untrusted software and ensure local administrators enforce restrictions around users. This article continues to discuss the details from ThreatLocker's report on the challenges that water companies face in trying to improve their cybersecurity posture, as well as how these companies can bolster their cyber defenses. 

SIW reports "Water Utilities Ill-Prepared to Deal with Cyber Threats"