Blog Date: 10/6/2017
Author: Ray Coulombe

In fact, the ASIS Crisis Management and Business Continuity Council helps promote crisis management, business continuity, and organizational resilience standards for best practices worldwide. They aim to be ASIS’s authoritative source for the most reliable crisis management and organizational resilience knowledge and support the objectives of ASIS International by providing access to superior quality crisis management and resiliency education. You can see more about how ASIS responded to the disaster here.

But is it only in times of natural disaster that we need to worry about security of our infrastructure?

In 2016, the U.S. Department of Justice indicted an Iranian national for repeatedly obtaining unauthorized access to the industrial control systems of the Bowman Dam in New York State. The attacker gained information regarding the status and operation of the dam, including the gate responsible for controlling water levels and flow rates. This access could have had led to potentially devastating effects, like a flood, but fortunately, the gate was disconnected for maintenance during the time of the attack.

But chances are slim that we will always be that lucky?

An attack on the nation’s water infrastructure, including 160,000 public drinking water systems and 16,000 public wastewater systems according to the Department of Homeland Security, is a distinct possibility. Water systems are becoming increasingly connected, creating opportunity for attackers to cripple or contaminate the system and cause major disruption. Let’s call this category “unnatural disasters”.

In response to this type of threat, the U.S. National Infrastructure Advisory Council was commissioned by the president’s National Security Council to review the federal government’s capability to secure critical infrastructure against cyberattack.

Overall, we need to find ways to better assist owners and operators of water facilities and dams to scan and sanitize their systems of any existing malware, encourage growth of cybersecurity expertise, heighten deterrence against criminal and nation-state hackers, enhance actionable information sharing, including of classified intelligence, and further assist even the smallest operations to make cyber improvements. This is all in addition to the lowest hanging fruit – educating employees to be cyber-aware. While technology can help protect against, and recover from, cyberattacks, there is no one magic technological solution and ultimately protecting the nation’s water system requires that both the government and the private sector step up their security efforts! It’s an ongoing process.

Back to Blog List