Connecting Waterpeople

You are here

Record cyber attacks affecting UK water supplies, study shows

About the blog

Graham Mann
I have been in the Water & Waste Water industry for 30 years and formed a Water Consultancy business called H2o Building Services both myself and my team have built a wealth of knowledge and expertise Saving companies money on their Water bi

Themes

  • Record cyber attacks affecting UK water supplies, study shows

As beneficial as it undoubtedly is being so technologically connected in the 21st century, there are a few drawbacks to be aware of – and one of the main ones is that systems and networks are now becoming increasingly vulnerable to attacks by cyber criminals.

No industry or sector is exempt from this and utility providers need to be increasingly aware of the risks, given that energy facilities – including water – are so critical in terms of both maintaining vital infrastructure to keep society fully operable and protecting public health.

New research from Recorded Future News shows that the UK is certainly no exception when it comes to incidents such as these, with a record number of cases having affected drinking water supplies in 202 without being publicly disclosed.

Data collected by the organisation via a freedom of information request found that all regulated critical national infrastructure sectors in the UK saw more incidents reported than ever before, with the drinking water and transport sectors the most affected.

Although it is of note that the exact nature of the incidents isn’t apparent and it’s possible that they include operational failures as well as targeted attacks by hackers, the water sector saw at least six incidents take place this year that had an impact on drinking water infrastructure.

Under the Security of Network & Information Systems regulations, companies in charge of critical infrastructure have to report any significant incidents within three days or face fines of up to £17 million.

Any incidents relating to the water sector have to be reported to the Department for Environment, Food & Rural Affairs and, with the government now considering updating the cyber security and resilience bill, it’s possible that new disclosure obligations will be pushed through for those in the critical infrastructure industry.

A consultation is now underway into whether a transparency requirement will be introduced to ensure that people are kept up to date on any incidents that put the integrity of digital services at risk. This would help customers understand whether reported incidents were down to operational difficulties or cyber attacks.

Former head of the National Cyber Security Centre Ciaran Martin told the news source: “In general, transparency around major cyber incidents is helpful, but there will be times when secrecy is operationally crucial. The forthcoming legislation is an opportunity to try and get this difficult balance right.”

How do cyber attacks affect water supplies?

Water and wastewater suppliers are particularly attractive targets for cyber crime because local communities are so reliant upon these services in order to operate.

Furthermore, there are many other industries and businesses that rely on undisrupted supply for product manufacture and site operations, such as data centres that require water for cooling services. As such, the consequences could be significant if an attack took place.

But it’s not just disruption that can be caused by cyber attacks and public health can face serious risks as a result if drinking water supplies are contaminated.

In 2021, for example, hackers were able to gain access to a water treatment plant in Oldsmar in Florida where they adjusted the levels of sodium hydroxide from 100 parts per million to 11,100 parts per million.

Although the adjustment was brief, with a member of staff identifying the breach and taking measures to prevent it, had it been successful the attack would have seen the levels of sodium hydroxide increased to a very dangerous level.

It also seems that the size of an organisation doesn’t afford it much in the way of protection, either. You might assume that smaller facilities would be easier for hackers to breach, but in October American water – the biggest water utility company in the US – revealed that it had been targeted in an attack, forced to close down some of its systems as a result.

How can critical infrastructure be protected from cyber attacks?

In order for the water sector to become more resilient in the face of ever-evolving cyber crime threats, it will need to deepen its understanding of the risks and how they can be managed, responding effectively to incidents as and when they happen, enhancing their cyber skills and capabilities, and working closely with the government to shore up systems and prevent serious attacks from taking place.

Architectural design is naturally important, with different systems and networks separated and protective monitoring in place to provide real-time data of what’s happening with devices and networks, cyber security isn’t just the sole preserve of the IT department.

Any member of any organisation can be targeted as part of a cyber attack, which is why it’s vital that suppliers invest in awareness training and campaigns to help prevent serious incidents and disruption.

If your water supplier was recently targeted in an attack and you’re concerned that your company’s private information is at risk, you can consider switching to a different supplier, one that may prioritise cyber security more effectively.

Subscribe to our newsletter

Topics of interest

The data provided will be treated by iAgua Conocimiento, SL for the purpose of sending emails with updated information and occasionally on products and / or services of interest. For this we need you to check the following box to grant your consent. Remember that at any time you can exercise your rights of access, rectification and elimination of this data. You can consult all the additional and detailed information about Data Protection.