How water utilities can protect their data from cyber attacks
Article | April, 2019
The water industry is becoming increasingly more efficient thanks to interconnected grids and cloud-based operations, as well as the Internet of Things (IoT). However, the same digital technologies and data that are increasing efficiencies could also pose a significant risk to water utilities’ critical infrastructure and operations if they are not adequately protected.
Despite the overwhelming benefits, the increase in digital technologies in the water industry has created an environment that is more open to attack by cybercriminals who can cause large scale disruption if data or network operations are breached.
The 2016-2017 Queensland Audit Office Report, Security of Critical Water Infrastructure, stated that it is common practice for water service providers to secure their financial systems, but they don’t always secure the computer systems that control their operational infrastructure.
The report says that ‘failure or security breaches in these control systems can have major consequences for the health of citizens, the environment, and the businesses that rely on these services’.
The evolution of the Internet of Things (IoT) and the use of the cloud means that a growing number of devices are connected, making them susceptible to attack. The challenge for utilities is to protect the systems from potential attacks, while still taking advantage of the significant efficiency benefits of this new technology.
With such critical assets being left potentially vulnerable, the best way for water utilities to protect their operations is to use trusted services and technologies that can manage cyber security and protect valuable data.
Water utilities not only need to consider the risk of malware, viruses and physical security threats from international servers, but it’s important to know where and how their data is stored, and at what level their information and technology is protected.
A multi-level approach to data security
In order to minimise exposure risks and adequately protect both data and critical infrastructure, water utilities need to implement multiple cyber security strategies at every data layer. These ‘layers’ can include private cloud networks, private addresses for assets and devices, military grade encryption and secure socket layers (SSL) for inter-network connections.
Having up-to-date protection over data and infrastructure at all levels is vital to successful security. With cybercriminals’ tactics constantly evolving, data security is an issue that needs to be maintained, rather than solved.
For this reason, it’s important that the companies water utilities work with, and the technologies implemented in their network, are compliant with the Australian Government’s Australian Signals Directorate cloud computing security risk profiles, which evolve at the same rate that new data security threats emerge.
With governments across the globe struggling to legislate data protection, many now require all critical data to be securely maintained onshore. Therefore, when water utilities are engaging a company to assist with cloud-based solutions for water assessment and management, it’s important to confirm if the data will be contained within the relative safety of Australian borders, using up-to-date protection methods.
Key ways to keep data safe
One Australian company that knows firsthand the importance of cyber security is TracWater, who provides information-as-a-service to water utilities through battery-powered cloud-based water quality monitoring products.
TracWater’s water quality sensors are fully integrated with the cloud so they are able to monitor every part of a network in real time and utilities can access this data instantly on any device, using only the internet.
TracWater’s CEO, Len McKelvey, said that while it’s vital that utilities’ water quality is managed in real time, the data must also be protected.
“Water utilities need to be prepared for the very real possibility of cyber security threats. In order to keep their data safe, it’s important for utilities to keep track of data security threats. This requires skillful resources, both in well-known and emerging cybersecurity streams,” Mr McKelvey said.
“TracWater’s innovative manufacturing designs are combined with AI machine learning, as well as the use of the latest IoT technology, allowing us to present data in one secure, centralised, and remotely accessible location.
“To maintain the highest standard of data security, all of TracWater’s data is kept within Australia and we fully comply with the Federal Government Australian Signals Directorate’s cloud computing security risk profiles and guidelines, allowing us to eliminate the risks associated with using internationally-based servers.
TracWater’s water quality data, which is supplied as Information-As-A-Service, is the convergence of electronic security with cyber security. It is a specialised area of information and
telecommunication technology that they take care of seamlessly for their clients.
“Water utilities must make sure all the companies they work with in this space comply with these guidelines, keep their data within the country and deploy multiple strategies at every data layer,” Mr McKelvey said.
With a multi-level approach to cyber security, Australian-based servers and up-to-date knowledge of security threats, water utilities can be assured that their assets are not only being monitored, but just as importantly, protected.