Water utilities should remain vigilant: Although most water facility operators have received repeated warnings over the years that they are desirable targets for Russian, Iranian, and Chinese threat actors, experts say these latest incidents underscore the need to remain vigilant and step up security efforts. If water assets owners have “any kind of control system online, it shouldn’t be because it’s at risk for eventually one of these threat actors to do a drive-by and do a video and make a lot of fuss about it,” Fabela says.This kind of message is more likely to spur water utilities toward action because “most of them I’ve talked to are more worried about the call from the FBI than they are about any impact,” he says.The University of Chicago’s Braun thinks the chronically underfunded water utilities should start seriously exploring how to fund more cybersecurity help, “whether that is hiring a CIO or bringing on a consultant to do something to improve their cybersecurity,” he says. For those who can’t manage to raise the funds, there are resources in the US, such as the DEF CON Franklin project, which Braun also spearheads, that provides free volunteers and cybersecurity tools. “We’re free, and we’ll always be free and happy to help advise water utilities on how they can secure themselves,” Braun says.For utilities located outside the US, Braun recommends the Cyber Peace Initiative, which also offers free resources to utilities.No matter how they work it out, water utilities must start paying closer attention to cybersecurity. “Water is one of the most important kinds of life-maintaining critical infrastructure sectors,” Braun says. “It is the one that is both the most essential and at the same time least protected.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4042449/russia-linked-european-attacks-renew-concerns-over-water-cybersecurity.html
