Hey everybody my name is Damon Acton, and I’m the VP for Americas here for Sectrio, wanted this film as a quick video to give an overview of some cybersecurity challenges that plague the water utility sector, so this is water and wastewater treatment.
So just a quick overview of the threat landscape and the news we’ve seen recently that the Florida Water Treatment Facility had someone remotely change the chemical levels. Luckily, an engineer was able to catch it before it got out to the public, but also we’re starting to see more of those more and more of those types of events happen, not just ransomware events where people are trying to steal data from money, but what they refer to as kill, where so these type of events were malicious behavior is done in order to harm people.
You also see in the news lately that water utilities from for the most part ill-prepared to deal with these cybersecurity threats. Very alarming. And last piece here it’s an old report from 2019, but it, but it’s still very relevant, said back then, even the number one fate facing threat for the water sector is cybersecurity-related endeavors, and this is where some APT’s or advanced persistent threats from Russia and other states run hacking groups are specifically targeting water and wastewater treatment facilities so.
What are the key water and wastewater treatment utility’s cybersecurity challenges?
Gravitated to the right. You see, some of those key cybersecurity challenges. Of course, everybody is looking at a number. One thing is uptime, continuity, continuity of services, and avoidance of any type of catastrophic events such as we saw in Florida. It could potentially have a dramatic repercussion. There are also issues to worry about with compliance.
One of the interesting things that I saw two under the Third Point down there is that in the water, wastewater, or water utility sector, that device Discovery device visibility for it and even OT specific assets are a very high priority number one or #2 up there that they don’t know what they have in their network. So you can’t protect what you don’t know that you have.
So the other point is identifying those vulnerabilities in the early detection of threats. A lot of the threats that we see, and we talked to customers, are actually silent in the network for six months or longer before they are found very alarming and also segmentation networks to prevent that lateral movement of malicious behavior. So in the IoT world, he’s starting to see devices that are interconnected in networks that were never intended to be connected originally, so they’re starting to come online these devices 20-30 years in the industry are now online, and they have all these vulnerabilities that they’re bringing with them.
And so we’re seeing that some attackers are tagged targeting these older devices and are now online and use them to move laterally across those networks. So of the challenges is how to concatenate that trafficked, isolated, and the last piece that we see, and we talked to a lot of different customers about these converged networks. So there’s OT and IO T world converging into one centralized conglomerated governed network, and so it’s starting to bring some unique challenges that the IT side of the house necessary can’t address all the problems that the OT side brings. So how do you?
How do you work on mitigating your cybersecurity risk?
The curious to know more. We actually have an on-demand webinar coming up on November 16th at 1:00 PM Central time, so we are going to unpack myself and Kiran, who is the VP of Global VP of Digital Security One pack. Everything about the water utility sector talks about different cybersecurity prevention methods, methodologies, some compliance needs. Some industry driving factors. So please get on the website to book your slot now, and we look forward to seeing you.