As the threat of ransomware has reached new heights in 2021, many water and wastewater organizations across the globe are doubling-down on their defense against the scourge to make sure they have done everything they can to avoid becoming the next victim.
John Sullivan, Boston Water and Sewer Commission chief engineer, for example, said his systems were attacked by ransomware in 2020. While Boston Water and Sewer was able to recover without suffering any compromise of its systems, Sullivan fears many of the nation’s water and wastewater systems managers may not be so lucky should they find themselves staring down a similar fate.
“What if, for example, the intruder (into a water system) was not immediately detected, and was able to manipulate pumps to drain a water tower or restrict distribution to certain areas?” Sullivan testified before Congress this past summer. “Such an outcome not only would have undermined the public’s confidence in their drinking water but would have carried severe impacts on the community’s infrastructure and public health.”
Sophia Oberton, special projects coordinator for the city of Delmar agreed, adding that a takedown of even a small water system, such as the one operating in Delmar, could breed “psychological panic on a national scale as communities fear their own drinking water supply could be threatened.”
“This is why,” she said, “small communities believe that protecting our water supplies from any cyberattack is just as important as protecting large communities.”
Executive Order on Ransomware Protection
Indeed, successful ransomware attacks across the U.S. have proven so visceral this year that they have triggered an executive order from U.S. President Joe Biden, nudging all U.S. businesses to get serious about ransomware protection.
The order calls for federal agencies to “work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase reliance against cyberattacks,” Biden’s order said. “It outlines innovative ways the government will drive to deliver security and software using federal buying power to jumpstart the market…