One would think that the United States of America, one of the largest global powers, has an exceptional security rate for a necessity such as drinking water. Well, think again. Take the recent breach in a suburb of Tampa, Florida. A mysterious hacker was able to breach a water treatment plant in Oldsmar, home to nearly 15,000 Floridians, nearly generating mass poisoning. The mayor may have assured the people it was a one-time scare, but cybersecurity experts believe otherwise. “They view the breach as a case study in digital ineptitude, a frightening near-miss and an example of how the managers of water systems continue to downplay or ignore years of increasingly dire warnings.”
Although the Oldsmar case averted disaster, the next targeted city may not be as lucky, and the consequences of a major water system breach would be calamitous. Moving forward, water utility companies will need to increase their cyberdefense capabilities, as the Cyberspace Solarium Commission’s March 2020 report warned that America’s water systems “remain largely ill-prepared to defend their networks from cyber-enabled disruption.” The EPA’s Water Security Division has just a limited number of people performing cybersecurity work but has written reports to Congress concerning drinking water infrastructure needs. However, if America wants to prevent another water breach, it will be up to the water utility corporations to head the change in the water systems security.
“Grave warnings have sounded for years. As far back as 2011, a Department of Homeland Security alert advised that hackers could gain access to American water systems using ‘readily available and generally free’ internet search tools.” There is still an immense amount of research and work needed to be done to secure safety for America’s drinking water. The first step is acknowledging the problem is real, and the second is developing apt cybersecurity measures to defend against hackers.
More information on cybersecurity and cyber defense can be found on GovShop, a free supplier and contract intelligence platform that provides comprehensive data across all markets. As part of the ongoing effort of Public Spend Forum to connect buyers and suppliers in emerging technology fields, GovShop’s list of suppliers in cybersecurity is accessible here.