In February 2021, hackers gained unauthorized remote access to a water treatment plant’s computer system in Oldsmar, Florida, and attempted to increase the sodium hydroxide in the drinking water to potentially dangerous levels. This triggered a new wave of national concern throughout the water and wastewater industry. However, cyberthreats to drinking water systems are nothing new. In March 2019, the Ellsworth County Rural Water District in Kansas was hacked.
While these hacks were mitigated before the drinking water supplies were negatively impacted, these incidents immediately reminded utilities of their own potential cyber vulnerabilities — both known and unknown. As utilities now consider what to do about such vulnerabilities, many will discover a valuable lesson: Cybersecurity risks are similar to other risks that threaten the safety and reliability of water and wastewater treatment services. With appropriate mitigation strategies, such risks can be controlled, delivering benefits that far outweigh the cost of implementing a resilient operational technology (OT) cyber program.
Utilities already factor a wide range of risks and hazards into the design, construction, operation and maintenance of water and wastewater treatment facilities. Now, cybersecurity safeguards should be integrated into these processes as well, with the goal of building greater resiliency into water supplies.