It’s been reported that a hacker virtually broke into a Floridian water treatment facility and briefly increased the levels of sodium hydroxide in the Pinellas County water supply. Fortunately, onsite operators noticed the spike and reduced it right away, keeping the public from risk of increased levels of poison in their water. This is just the latest story in a seemingly never-ending supply of them that have to do with public utilities being at risk from cyberattacks. Today, we will take a look at this issue.
Today, most systems are not only run through the use of computers, they are perpetually online so that remote operators have access to manage these systems. This provides hackers a wider-range of opportunities to carry out attacks against public infrastructure. Despite the massive amount of capital invested to ensure that these systems remain secure and reliable, all it takes is one situation to cause a great deal of public harm. The event in Florida just accentuates how important the security protecting these systems is.
Over the past year, more people have been asked to work remotely to help keep the COVID-19 pandemic from spreading. This has not only led to more people working remotely at jobs that would typically require on-site staff, it also has helped push a degree of automation (using artificial intelligence and machine learning) to help identify incongruencies and threats to critical IT systems. This means that more people are relying on unfamiliar tools to do their jobs remotely. One can understand how this can lead to some confusion when trying to thwart very specific and targeted attacks.
A recent report from the Ponemon Institute suggests that threats against utilities are becoming shockingly more sophisticated. 54 percent of utility managers stated that they expect to have to deal with at least one cyberattack on critical infrastructure in 2021. That means that half of the people that work in electricity, water treatment, solar and wind, and gas think that they will be directly dealing with a major event triggered by a cyberattack this year. That’s completely unsettling considering how important these systems are to the sustainability of our society.
This is where it gets a little tricky. Utility companies spend a lot of time and resources securing infrastructure. There’s a reason most of these places are surrounded by razor wire. To secure themselves against cyberattacks, however, they are taking much the same approach that your average enterprise would. They will try to secure systems by learning from past mistakes, innovating the tools they use, and simply being more vigilant.
Some innovations to speak of are similar to the ones you might see at your business. Using the integration of AI to actively search for and identify threats can end up being quite beneficial. AI can go through a lot of data extraordinarily quickly, meaning that it can identify potential problems quicker and thwart bad actors’ attempts at sabotage. Another technology that is being used in energy distribution is the Internet of Things. Utility companies are starting to utilize smart meters that modulate the flow of electricity and water. While you’d think that the integration of IoT devices would actually make the systems less secure, utility companies identified that from the outset and spent time and resources securing those systems before they were ever deployed in the field.
Protecting our utilities has to be essential not only for utility companies, but also for society as a whole. What are your thoughts? Should the public subsidize utility companies for their cybersecurity? What moves would you make? Leave your thoughts in the comments section below.