Translated article.
An increasing reliance on technology in the management of water and wastewater infrastructure has resulted in cybersecurity challenges becoming a major concern in the sector, and which must be addressed to ensure a safe and secure water supply. reliable.
As more critical infrastructure becomes connected to the Internet or accessible to personnel, cybercriminals interested in breaching operational technology (OT) networks are increasingly targeting it to lay the groundwork for future attacks.
A cyber attack on water and wastewater treatment facilities can temporarily halt operations and have enormous consequences, not only for the water authority and the community it serves, but also for the nation's overall economy.
Risks from legacy technologies and insider threats
Many water infrastructure systems still rely on outdated technology and managers often lack sufficient resources. Managers should invest in regularly modernizing and updating their systems and may seek external assistance from cybersecurity experts.
Many employees are also unaware of the risks of cyber attacks, while another threat is current or former employees with malicious intent. Water infrastructure systems are increasingly interconnected and often use third-party vendors and contractors, making them more vulnerable to cyberattacks.
Risk mitigation measures
The specific mitigation measures each facility decides to implement will depend on its unique security risks. However, there are some key mitigation measures that most water infrastructure managers should implement as best practices:
Segmentation into zones: This should be practiced on each floor to help limit access to security systems. For example, an industrial demilitarized zone (IDMZ) with firewalls and data brokers can securely segment the entire plant network from the enterprise network. Additionally, the use of virtual LANs (VLANs) and a Layer 2 or Layer 3 switch hierarchy can create functional subzones to establish smaller trusted domains and simplify security policy enforcement.
Physical access: Many organizations use RFID cards to control access to facilities, but physical access security must go further. Locking and locking devices should be used to prevent unauthorized removal of cables and to close unused or unnecessary ports. Control cabinets should also be locked to restrict walk-in and plug-in access to industrial automation and control system devices.
Integrated Network Security and Protection: CIP Safety™ and CIP Security™ are extensions to the Common Industrial Protocol (CIP), which is the application layer protocol for EtherNet/IP™. CIP Safety allows security devices to coexist on the same EtherNet/IP network as standard devices and enables safe shutdown during a denial of service attack. Additionally, CIP Security incorporates data integrity and confidentiality into EtherNet/IP communications.
Asset and change management: Asset management software can automate the discovery of new assets and centrally track and manage configuration changes across an entire facility, including within security systems. It can detect malicious changes in real time, record those activities, and report them to key personnel. If unwanted changes are made, the software can access archived copies of a device program for quick recovery.
Ensure security through security
The security landscape is constantly changing, so it is important to partner with a trusted company to manage ever-evolving risk.
NHP works closely with Rockwell Automation and Claroty to provide comprehensive cybersecurity solutions beyond network security, and its industrial security portfolio and services will help you assess, implement and maintain ICS security within operations and enable transformation technologies that depend on business connectivity.
Organizations that want to stay ahead of these risks must comply with the latest standards, conduct a comprehensive risk analysis, and implement risk mitigation measures using the latest technologies.
Original source:
https://utilitymagazine.com.au/mitigating-cybersecurity-threats-in-water-and-wastewater/
English 
Spanish