Recently, prosecutors indicted a man who tampered with his former employer’s computer system.
But this wasn’t just any computer system-
Wyatt T. of Kansas was an employee at the Post Rock Water District.
The utility company provides water to more the 1,500 customers in eight Kansas counties.
Part of Wyatt’s job was to log into the water district’s computer system to monitor the utility after hours.
A few months after he left, the company experienced a remote intrusion into their system.
The person accessing the system shut down the company’s process for ensuring water is safe.
Then, he took action that shut down operations at the facility-
including the steps that affect cleaning and disinfecting procedures.
He allegedly did this with the intent to harm the water.
And prosecutors claim the intruder that logged into the system was none other than Wyatt.
Now he faces one count of tampering with a public water system and one count of reckless damage to a protected computer.
The punishment is up to 25 years in prison and a $500,000 fine.
When it comes to infrastructure, people usually focus on the power grid.
And people worry about the power going out because it’s something that everyone has experienced.
Most people know how to deal with and survive without power. – for a few days at least.
But folks don’t think enough about water like they do power.
And they are typically not aware of these three main issues with our water infrastructure.
According to the intelligence company Intel 471:
“Adversaries see that critical infrastructure is underfunded and undermanaged from a security perspective.”
The problem comes down to paying for security upgrades.
The President recently introduced a $2 trillion infrastructure bill.
Yet, there is no mention of cybersecurity in the breakdown of priorities, which should be a key point of updating infrastructure.
Water utility companies remain neglected for too long.
These companies need more staff, more money, more tools, and more intelligence.
Small utility companies:
Local municipalities handle most water utilities which means small towns often manage water systems with few employees and small budgets.
The operations are different from other utilities, such as electricity or gas.
For example, if you live in Nevada, chances are your power comes from NV Energy.
NV Energy’s owner is Berkshire Hathaway, whose CEO is Warren Buffet. You get my point.
NV Energy has plenty of money to spend on security.
But small-town utility companies may only have one employee.
That person does everything, including IT security.
They may not even have a separate security employee on staff.
If you get your water from a small utility company, consider going to their next public meeting and asking questions about security.
Lack of cybersecurity:
Water utility systems are complex.
You don’t just push a button and get clean water.
One mistake – such as mixing the wrong chemical – can have deadly consequences.
And a former employee, such as Wyatt, would know exactly how to mess something up.
He no longer worked for the utility company but still had computer access is scary.
There was an oversight in IT security.
And these days, outside hackers are targeting water treatment facilities.
In 2015, 25 cybersecurity incidents were targeting the water utility sector.
These cyberattacks ranged from crypto-jacking to ransomware.
And just last year, an Iranian hacker offered to sell network access to a Florida water treatment facility.
There is no doubt that hackers will focus on water utility companies because they’re soft, easy targets with lax security.
And the incident with Wyatt T. demonstrates how weak most facility cybersecurity is.
But a safe water supply is critical to survival.
We can survive without power a lot longer than we can without water.
And the bad guys know this.
If you don’t have a stockpile of water and a quality water filter, don’t wait another day before starting your stash.