On February 5, 2021, Oldsmar, Florida’s water treatment plant operators found themselves under attack. A hacker infiltrated the facility’s system and attempted to increase the water’s level of sodium hydroxide to over 100 times its normal amount. While sodium hydroxide is commonly used in water and wastewater treatment to remove heavy metal particles, large amounts of sodium hydroxide are poisonous to humans and can be deadly.  

While not the first of its kind, this cyber breach brought the imminent threat of cyberterrorism into the national spotlight.  

“This incident is opening a lot of people’s eyes because public health is connected to systems that have cybersecurity vulnerabilities,” said Miranda Mello, a senior water supply engineer at the Department of Natural Resources, regarding the cyberattack.  

The U.S. Cybersecurity and Infrastructure Security Agency notes that around 75% of the U.S. population relies on public wastewater services, while over 80% of the country’s population receives potable water from public water services. According to CISA, a targeted cyberattack could result in “large numbers of illnesses or casualties and/or a denial of service that would also impact public health and economic vitality.”

Two years after the Oldsmar incident, the U.S. Environmental Protection Agency is sounding the alarm about the increased need for stronger cybersecurity for our utilities.  

According to EPA Assistant Administrator for Water Radhika Fox, “Cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable. Cyberattacks have the potential to contaminate drinking water, which threatens public health.”  

This year, Congress appropriated funds to a new EPA grant program intended to help build public water systems’ resilience in the face of natural disasters and cyber threats. This program provides grants to assist water systems with improving their resilience to extreme weather or expanding their cybersecurity programs. The EPA has also issued new requirements and guidance for public water systems regarding increased cybersecurity measures.  

How to start improving your utility’s cybersecurity

Building cyber resilience may sound intimidating, especially if your crew is already stretched thin. Luckily, there are some simple solutions available that are easily implemented by any utility. 

• Practice good cyber hygiene. Use a unique password for every site you frequent and utilize multifactor authentication whenever possible. 
• Learn how to identify potential scams. Keep an eye out for emails or text messages from unknown senders, particularly those that ask for your personal information. 
• Update your operating system and software. This ensures that your technology has the most recent safeguards in place. 
• Get advice from the experts. CISA, EPA and other agencies offer free cybersecurity resources, including training opportunities, that are available to the public. 

Keeping your sensitive data safe is easy with WinCan sewer inspection software. WinCan offers data backups, secure cloud storage and access control to ensure that your data is protected from cyberattacks and bad actors. 

Request a WinCan software demo today to learn more.