Smart Water Magazine
Connecting Waterpeople

You are here

Cybersecurity priorities for water utilities: a secure basis for transformation and automation

About the blog

Andrew Hollister
Andrew Hollister is Vice President of LogRhythm Labs and Deputy Chief Security Officer (CSO) for EMEA, IMETA, and APJ.

Published in:

Print Edition frontpage


  • Cybersecurity priorities for water utilities: secure basis for transformation and automation

Water utilities are an essential sector that we rely on every day. Like many businesses and critical industries, the water sector is exploring automation to boost efficiencies and reduce operational costs.

According to ResearchandMarkets, the water automation and instrumentation market is projected to reach $14.4 billion by 2027. The introduction of Internet of Things (IoT) and Industrial Internet of Things (IIoT) solutions are transforming the way that water utilities operate, allowing integration of remote sensing, supervisory control and data acquisition (SCADA) and analytical capabilities.

The challenge the water industry is now facing is to ensure investment in automated technologies is matched with appropriate investments in cybersecurity.

The adoption of automated technologies has led to an increased attack surface for water utilities as systems become increasingly dependent on internet connectivity. This has widened the threat landscape, giving bad actors the opportunity to cause widespread disruption, the impact of which may be felt by individuals as much as organisations.

Security vs automation

Across Europe, cyberattacks are increasing in both frequency and severity, and the water sector is no exception. With more attacks hitting national headlines, utilities that introduce automated technologies and processes need to strengthen their cybersecurity posture to protect against a wide variety of threats.

As in every sector, acquiring an appropriate budget to defend against cyber attacks is a significant challenge to security teams in the water industry. With a massive amount of infrastructure to maintain, combined with unpredictable conditions, investments in cybersecurity may be overlooked as a top priority for the water sector.

As water utilities look to introduce more remote functions to reduce costs and free up resources, they need to ensure that their automation efforts are supported by an appropriate level of cybersecurity. This may require deploying additional cybersecurity tooling, supported by the expertise of well-informed cybersecurity teams.

Utilities can address cybersecurity risks with a risk-based approach that goes beyond simply checking the box for regulatory compliance

Utilities can proactively address cybersecurity risks with a risk-based approach that goes beyond simply checking the box for regulatory compliance. This process starts with considering exactly what needs to be protected, and what tactics attackers are likely to employ. They can then prioritise their cybersecurity budgets on the appropriate tools and training to effectively protect their digital transformation efforts.

Investing in Tools – A combined strategy of both preventative and detection technologies is needed to protect against threat actors in the broad threat landscape that organisations face today. By leveraging a comprehensive security platform, analysts can harness intelligent security dashboards and alerts for greater visibility into threat activity. A centralised security platform can empower overwhelmed security teams with contextual analytics, providing insights into threats so that they can reduce noise and quickly secure their environment. It can also simplify analysts’ workflows by establishing a sequential timeline of events.

Investing in Teams - Water utilities can further protect their automation efforts by providing team members with regular cybersecurity training. Cybersecurity is everyone’s responsibility, and empowering employees with the insights to stop an attack will help them to make smarter cyber decisions and improve the overall security posture within the water industry.

Fighting Future Attack Waves

Critical infrastructure more broadly has come into focus as attacks have impacted sectors from pipelines to healthcare and the financial sector. The water industry is no exception and the recent targeting of a UK water utility underlines this point. With the right combination of security tools and staff training, water utilities can create a resilient cybersecurity environment that is equipped to support and protect future innovation efforts.

Subscribe to our newsletter

Topics of interest

The data provided will be treated by iAgua Conocimiento, SL for the purpose of sending emails with updated information and occasionally on products and / or services of interest. For this we need you to check the following box to grant your consent. Remember that at any time you can exercise your rights of access, rectification and elimination of this data. You can consult all the additional and detailed information about Data Protection.