Recently, prosecutors indicted a man who tampered with his former employer’s computer system.
But this wasn’t just any computer system…
Wyatt T. of Kansas, was an employee at the Post Rock Water District.
The utility company provides water to more the 1,500 customers in eight Kansas counties.
Part of Wyatt’s job was to log into the water district’s computer system to monitor the utility after hours.
A few months after he left, the company experienced a remote intrusion into their system.
The person accessing the system shut down the company’s process for ensuring water is safe.
Then, he took action that shut down processes at the facility.
This included the steps that affect cleaning and disinfecting procedures.
He allegedly did this with the intent to harm the water.
And prosecutors claim the intruder that logged into the system was none other than Wyatt.
Now he faces one count of tampering with a public water system and one count of reckless damage to a protected computer.
The punishment is up to 25 years in prison and a $500,000 fine.
When it comes to infrastructure, people usually focus on the power grid.
And people worry about the power going out because it’s something that everyone has experienced.
Yet, this also means that most people know how to deal with and survive without power – for a few days at least.
But folks don’t think enough about water like they do power.
And they are typically not aware of these three main issues with our water infrastructure.
According to the intelligence company Intel 471:
“Adversaries see that critical infrastructure is underfunded and undermanaged from a security perspective.”
The problem comes down to paying for security upgrades.
The President recently introduced a $2 trillion infrastructure bill.
Yet, in the breakdown of priorities, there is no mention of cybersecurity.
This should absolutely be a key point of updating infrastructure.
Water utility companies have been ignored for too long.
These companies need more staff, more money, more tools, and more intelligence.
Small utility companies:
The majority of water utilities are handled by local municipalities.
This means water systems are often managed by small towns with few employees and small budgets.
This is different from utilities such as electricity or gas.
For example, if you live in Nevada, chances are your power comes from NV Energy.
NV Energy is owned by Berkshire Hathaway, whose CEO is Warren Buffet. You get my point.
NV Energy has plenty of money to spend on security.
But small town utility companies may only have one employee.
That person does everything, including IT security.
They may not even have a separate security employee on staff.
If you get your water from a small utility company, consider going to their next public meeting and asking questions about security.
Lack of cybersecurity:
Water utility systems are complex.
You don’t just push a button and get clean water.
One mistake – such as mixing the wrong chemical – can have deadly consequences.
And a former employee, such as Wyatt, would know exactly how to mess something up.
The fact that he no longer worked for the utility company, but still had computer access is scary.
Clearly, there was an oversight in the IT security.
And these days, outside hackers are targeting water treatment facilities.
In 2015, there were 25 cybersecurity incidents targeting the water utility sector.
These cyberattacks ranged from crypto-jacking to ransomware.
And just last year an Iranian hacker was offering to sell network access to a water treatment facility in Florida.
There is no doubt that hackers will focus on water utility companies because they’re soft, easy targets, with lax security.
And the incident with Wyatt T. demonstrates how weak most facility cybersecurity is.
But a safe water supply is critical to survival.
At the end of the day, we can survive without power a lot longer than we can without water.
And the bad guys know this.
So, if you don’t have a stockpile of water, and a quality water filter don’t wait another day before starting your stash.