Cybersecurity

On Sunday, a cyber attack on a water utility in Arkansas City, Kansas prompted its treatment facility to revert to manual operations. The city manager, Randy Frazer, confirmed that the water supply remains unaffected and safe, with no disruption to service reported. The plant's manual operation is a precautionary measure to enhance security while the situation is being addressed. Arkansas City has notified relevant authorities and is collaborating with cybersecurity experts to manage the incident, which is believed to be a ransomware attack.

In practice, a microgrid is a miniature version of the main electric grid but has the ability to connect and disconnect its power generation sources from the grid as needed. This makes microgrids a valuable resource for water and wastewater utilities offering redundancy when it comes to keeping the power on. However, while utilities may be using microgrids for a variety of necessary reasons, it’s important to assess the threat landscape that these systems could pose as they can potentially open your utility up to a variety of additional threats and vulnerabilities.

Yesterday, the EPA released “Improving Cybersecurity at Drinking Water and Wastewater Systems”, developed to assist owners and operators of drinking water and wastewater systems with assessing gaps in their current cybersecurity practices.

In today's digital landscape, cyber attacks are not a question of if, but when. Traditional cybersecurity strategies often focus solely on prevention, which may have been sufficient in the past, but is now becoming more and more inadequate. Adopting a cyber resilience framework helps shift this perspective, prioritizing readiness to mitigate impacts and facilitate swift recovery from cyber threats. With the threat of cyber attacks rising, establishing a proactive framework for managing and recovering from threats is essential.