Williston Park, NY USA. At a recent Nassau Suffolk Water Commissioners’ Association (NSWCA) meeting, the NSWCA received a thorough update on state-of-the-art IT cybersecurity measures as they apply to the water supply industry and Long Island water suppliers.
Guest speakers Tim McKnight (Melville, NY) and James Tauer (Islip, NY) from Total Technology Solutions (Melville NY) addressed the commissioners. They explained that in 2018, “cyber threats of all types have become more rampant than ever before by an order of magnitude.” According to Mr. Tauer, “in today’s world, we are faced with a case of managing risk and staying a step ahead of those who seek to damage systems and interrupt operations. Leading cyber threats to water districts run the gamut. They can include social engineering and insider threats, malware, phishing and ransomware like the CryptoLocker virus. All of these types of hacking attack cybersecurity and can take a communications network down, or paralyze it or ultimately destroy it.”
The Total team speaks from experience as it represents several NSWCA member water districts on Long Island.
“Cybercrime is the second most reported economic crime in the USA,” Mr. McKnight commented. “In fact, 95% of breached records come from three vital sectors: Government, retail and technology. It’s a dangerous world, but fortunately, more than 90% of breaches are preventable.”
Areas of greatest risk for water districts include unpatched systems, remote access, and poor or weak infrastructure. Lack of password and/or permission management, absence of written policies and little or no staff training make it far easier for hackers to do their nefarious deeds.
Mr. Tauer cited examples of cybercrimes against water providers across the country, and explained essential measures necessary to guard against them and to ensure business continuity. Total’s Layered Defense, he said, “is specifically designed to counter cybercrime. It is comprehensive, overlapping and intentionally redundant to provide the broadest and deepest threat protection. It starts with physical Water District site surveying and network assessment and includes vulnerability scanning and awareness training.”
Mr. Tauer also cited the example of Kemuri Water Company (not its real name due to sensitive nature of breach). Hackers manipulated the chemicals used to assure safe drinking water, and altered water flow rates causing serious disruptions to water distribution.
A spokesman for the NSWCA commented that “we greatly appreciate the in depth information provided by Mr. Tauer and Mr. McKnight. Water Districts are highly visible cyber targets because of the essential services we provide. Cyber awareness training is vitally important to help maintain an uninterrupted supply of the highest quality water which is the responsibility of every one of the NSWCA member Districts.”