Connecting Waterpeople

You are here

Cyberattack to British water operator raises concerns about vulnerability

  • Cyberattack to British water operator raises concerns about vulnerability

A British water company experienced a criminal cyberattack earlier this month, prompting concerns about the vulnerabilities of water utilities as Europe endures a severe drought, informs The Wall Street Journal.

South Staffordshire PLC, which provides water to 1.6 million customers, said the attack involved unauthorised third-party access to their systems, but did not have an impact on their ability to provide safe water.

Johan Claessens, a security officer at Dutch utility Water-link, said a cyberattack can be particularly disruptive during drought, as companies do not have a competitor that can provide water to customers if necessary: “We don’t have the luxury to have suboptimal production for an extended period of time”. Hackers tend to take advantage crisis situations to pressure companies. Thus, attacking water companies during a severe drought would be akin to using ransomware against hospitals during the pandemic.

Last year a drinking water treatment plant in the city of Oldsmar, Florida, suffered an attack by hackers which attempted to change the amount of chemicals entering the water system.

Awareness of cybersecurity risks has grown in recent years as technology and digitalisation processes have transformed the water sector. However, managing cyber risks is often a challenge, specially for small water operators or public utilities with tight budgets. As Lee Forsgren, a former deputy assistant administrator for water at the U.S. Environmental Protection Agency (EPA), put it: “Frequently, the person who handles cybersecurity is the same person who operates the system and cuts the grass, so coming up with intricate technical solutions is going to be a challenge”.

The EPA is expected to issue a cybersecurity rule for critical water facilities, while experts from the water industry have called for increased resources for the EPA to address cybersecurity, including hiring experts and providing funding to utilities.

In Europe, the EU Agency for cybersecurity, ENISA, works to increase the resilience of critical infrastructure to cyber threats. But Evangelos Ouzounis, head of policy development and implementation, highlighted the difficulty of water providers to keep up with other sectors: “We deal with thousands of small companies in this field. That makes progress very difficult.”

Subscribe to our newsletter

Topics of interest

The data provided will be treated by iAgua Conocimiento, SL for the purpose of sending emails with updated information and occasionally on products and / or services of interest. For this we need you to check the following box to grant your consent. Remember that at any time you can exercise your rights of access, rectification and elimination of this data. You can consult all the additional and detailed information about Data Protection.

Featured news