Cybersecurity in water

Overcoming vulnerabilities to build a vigilant, resilient and secure critical water infrastructure
Authors: Sunil Sharma, Mike Tocher, Aijaz Shaik, Anne-Marie Kirkman
Mooserboden water reservoir and concrete dam
According to GHD analysis, about a quarter of global water systems will likely have experienced a cybersecurity breach by 2025.
Overcoming vulnerabilities to build a vigilant, resilient and secure critical water infrastructure

Water is a critical resource for sustaining human life and the global economy. Water systems are considered critical infrastructure that supports essential services such as drinking water, sanitation, irrigation and power generation.

These systems are complex and interconnected, consisting of multiple components such as pumps, valves, sensors, treatment systems and control systems. Any disruption or damage to these systems can have far-reaching impacts on public health, the environment and the economy. In addition, these systems often operate in harsh and remote locations, making them difficult to monitor and secure. Water systems are often managed by remote monitoring and control systems that rely on diverse data networks, software applications and hardware. While these technologies offer numerous benefits, they also introduce new vulnerabilities that cyber threat actors can exploit.

Attackers can exploit software, hardware and communication protocol vulnerabilities to gain unauthorised access to water systems. They can also launch ransomware, denial-of-service attacks and phishing attacks to disrupt operations or steal sensitive data.

The water sector faces a significant and escalating threat from cyber-attacks as cybercriminals could exploit vulnerabilities to access essential water treatment systems. For instance, there was a 100% increase in malicious techniques used by cyberattackers to take control of a program or operating system in 2022 compared to 2021. These attacks highlight the need for robust cybersecurity programs to ensure the safety and reliability of water systems. Currently, cybersecurity practices are not widely implemented across many water systems. Despite government efforts to enhance cybersecurity through voluntary measures, progress has been slow in safeguarding the world's crucial drinking water systems.

This article explores the challenges of cybersecurity in water and highlights the steps that can be taken to enhance security and resilience.

Keep reading: Discover a holistic cybersecurity approach

Water treatment system

Enhancing cybersecurity in water requires a multifaceted approach that addresses people, process, and technology issues. Here are the key steps that should be undertaken to improve cybersecurity in water.

Read the full report