No Results Found

Try changing the filters or search term

Start Typing To Search

< View all Water Utilities News
5 ways to maintain water infrastructure cybersecurity while going digital

5 ways to maintain water infrastructure cybersecurity while going digital

Water Utilities , Making Waves , Digital Transformation , Cybersecurity

By Dr. Kenneth Crowther

Digital transformation in the water and wastewater infrastructure space offers incredible value in the face of increasing challenges – from aging infrastructure to stretched resources. Moving to the cloud and using new platforms to integrate and leverage data shouldn’t feel scary. In fact, when implemented thoughtfully, digital solutions can actually help bolster data and infrastructure security. Here are five tips to help you navigate the digital landscape securely:

1. Understand cybersecurity standards and risks

Knowledge is power – and water infrastructure cybersecurity is no exception. First, it pays to keep up to date with local and global regulations around cybersecurity standards for utilities. While it may seem overwhelming, most local standards are derived from international standards like ISO 27001 and IEC 62443, so familiarizing yourself with those is a good place to start. The US Cybersecurity and Infrastructure Security Agency (CISA) recently published a helpful tool titled “Secure by Demand”. Developed in collaboration with over a dozen international government organizations, it provides tips to help organizations implementing water technologies or other operational technology (OT).

Key point: You shouldn’t go it alone – ask your technology partners about how they keep their platform up-to-date with evolving global standards and local regulations.

Equally important is staying up to date with threat activity. Understanding the latest techniques and activities of bad actors can help you stay one step ahead. Organizations like the Water Information Sharing & Analysis Center (WaterISAC) and the Dragos Community Defense Program (CDP) are bringing utilities together to bolster security and share knowledge.

Both organizations allow utilities to report incidents (anonymously, if preferred) so that the full water infrastructure community can be aware of recent activity. Users of these platforms can also get free resources and training. In fact, Dragos provides utilities with under $100 million in annual revenue free access to cybersecurity training and toolkits, and both AWWA and NRWA provide free training and resources.

2. System visibility enables security awareness

Cyberattacks are increasing as more utilities embrace cloud-based systems. But there’s another side to that coin: without sophisticated digital monitoring and control technologies, it may be difficult to detect attacks or suspicious activity until it’s too late. Traditionally, data is often siloed – even in organizations that have embraced digital technology. This makes it harder for operators to get a full picture of what’s happening in their system. But the right digital applications can remove silos and create a holistic, streamlined view of the entire operation.

Key point: Choose solutions that can integrate data streams no matter the source for more effective monitoring of potential threats and anomalies.

3. Make sure cybersecurity is built into your tech

Each element of your tech stack has the potential to strengthen your security – or be the weak link vulnerable to attack. This is why water infrastructure cybersecurity shouldn't be an add-on to existing and new digital implementations; instead, it must be built into the core of the technologies you choose.

Key point: When evaluating new digital tools or platforms, make sure to ask vendors about their approach to security and how it's integrated into their products.

It's also important to implement additional layers of security – what experts call the "security onion" or the “security layered cake” approach. This involves considering security at multiple levels, from the physical environment to the network, host systems and applications themselves. No single measure is undefeatable, but creating security in layers maximizes protection.

4. Have a response plan

Even with the best preventive measures in place, cyberattacks can occur. That’s why it's crucial to have a robust incident response plan. With thorough training and a good plan, utilities may be able to stop hackers and suspicious activity in their tracks or at least mitigate the damage.

EPA and CISA programs have free tools and resources to help you create and implement these plans, but it also pays to build your response into your digital platforms. Ask each vendor how they will support you in the event of suspicious activity or attacks. Then you can work together to formulate a process specific to their systems.

Remember, the most effective response begins long before an incident occurs. In fact, many cyberattacks are still a result of phishing – a testament to human vulnerability rather than that of digital systems. That’s why it’s crucial to train employees regularly on how to avoid cyberattacks and how to respond to suspicious activity.

Key point: Only work with technology suppliers that provide strong support and employee training programs and are flexible to meet your organization’s unique needs.

5. Select expert partners

Cybersecurity is an ongoing joint effort between an organization’s internal team and their technology partners. Since many utilities are operating without large IT and cybersecurity teams, identifying the most competent solution providers – with both technology and water expertise – is vital.

Key point: Cybersecurity expertise by itself is not enough. Look for partners who not only offer advanced digital solutions but also have a deep understanding of the water infrastructure space and its unique challenges.

Xylem Vue is a digital solution built to help utilities bolster operational efficiency and cost savings, all with best-in-class security protocols in place. The Xylem Vue team stays up to date with evolving water infrastructure cybersecurity standards and makes updates to the platform accordingly. This includes regular security testing to ensure all existing and new deployments are completely secure. What’s more, utilities using this platform get a built-in product security incident response team, and every cloud service is monitored around the clock for real-time threat detection.

Digital transformation offers immense opportunities for water utilities to optimize operations, reduce costs and improve service. By following these tips and partnering with the right experts, you can embrace these opportunities while maintaining robust cybersecurity.

Contact us to learn more about how Xylem Vue can help utilities navigate this digital journey securely.

January 17, 2025

Dr. Kenneth Crowther, Xylem’s Applied Water Product Security Leader (PSL)

Dr. Kenneth Crowther is responsible for establishing processes and programs to ensure that digital products are secure by design and by default. Kenneth was formerly PSL for GE Global Research and Principal Engineer at MITRE, and has been working in the fields of risk-based security for critical infrastructure for over 20 years. He teaches risk management at Georgetown University, serves as an editor for the IEEE Security and Privacy magazine, holds a PhD in Systems Engineering from University of Virginia, and a BS in Chemical Engineering from Brigham Young University.

About Making Waves

Making Waves is news from Xylem, a leading global water technology company. Xylem's solutions include products and services that move, treat, analyze and monitor water.