Technology Creates New Efficiencies, But Are Water Utilities Prepared for the Security Risk?

Aug 2, 2017 4:00 PM ET

Technology Creates New Efficiencies, But Are Water Utilities Prepared for the S…

Yahoo!, the Democratic National Convention and the U.S. Department of Justice were among the high-profile victims hit by major cyber attacks in 2016. Many people believe it’s only a matter of time before a water utility joins the list. Some consider physical security to be the weak link in ensuring a well-protected water supply; while others worry that the Internet of Things has created an incalculable number of entry points for hackers to create mischief.

The water industry is challenged with near crisis-level aging infrastructure in many parts of the nation, inconsistent revenue, rising costs, justifying rate increases, achieving threat resilience and an aging workforce. Risk and vulnerability assessments can guide resources to the highest priorities.

Download the 2017 Water Industry Report

These advances from increased digitalization promise new water management efficiencies, but they also offer more potential vectors for hackers that can lead to disabling critical infrastructure or releasing personal information.

Such threats haven’t appeared to induce broader investments in systems or applications to lock down these key assets. The 2017 Strategic Directions: Water Industry Report reveals that 57 percent of respondents are spending less than $1 million annually on physical security for water treatment plants and large remote facilities. Another 59 percent reported they’re earmarking less than $1 million per year on cybersecurity for IT. More than a third of survey respondents are spending up to $5 million a year to shore up their security efforts in these two critical areas.

Survey responses, however, provide reasons for cautious optimism that risk and vulnerability assessments are being funded and completed. More than 50 percent of water utility survey respondents indicated they have completed a risk or vulnerability assessment in the past five years. Still, more needs to be done because the industry as a whole appears to be underinvesting in, and undervaluing, security.