Water Online

March 2013

Water Innovations gives Water and Wastewater Engineers and end-users a venue to find project solutions and source valuable product information. We aim to educate the engineering and operations community on important issues and trends.

Issue link: https://wateronline.epubxp.com/i/110987

Contents of this Issue


Page 19 of 38

Cybersecurity Who Will Stop The Hackers? With cyber threats against critical water infrastructure on the rise, the U.S. government, utilities, and private security firms seek solutions before it���s too late. By Kevin Westerling T he nation���s cybersecurity issue has been festering for an uncomfortably long time. It���s a crisis waiting to happen, and each day the threat is ignored is a gamble. Eventually luck runs out, however, and the folks in Washington have deemed that the stakes are simply too high to leave to chance, especially when the odds of avoiding a catastrophe get ever-slimmer. In the last year alone, the number of attacks against critical infrastructure reported to the Department of Homeland Security (DHS) increased by 383%, according to U.S. Senator Tom Carper (D-Del.), Chairman of the Homeland Security and Governmental Affairs Committee. ���We are constantly learning of new cyberattacks on our critical infrastructure, government systems, and businesses,��� he told me. ���And it appears there is no end in sight.��� Specific to water and energy utilities, Sanaz Browarny, chief of intelligence and analysis for the control systems security program at the DHS, stated at the 2012 GovSec conference that such attacks occur ���on a daily basis.��� The concern is heightened by the origin of the attacks. A recent report, released in January 2013 by Akamai Technologies, revealed that China is not only the biggest culprit, but also the fastest-growing. In the third quarter of 2012, China accounted for 33% of cyberattacks, more than double the previous quarter. That���s far more than even the second and third countries combined ��� the United States and Russia, respectively, at 18%. If identifying the problem is the first step to solving it, then some credit can be given to Democrats and Republicans for coalescing on the fact that cyberattacks pose an imminent threat to critical infrastructure and, by extension, the public. Cyber infrastructure is defined as ���critical��� when an attack could reasonably result in the interruption of lifesustaining services, catastrophic economic damage, or severe degradation of national security. High stakes indeed. It���s no wonder, then, that the country���s two political parties actually agreed on something ��� to take action on cybersecurity. But then the political ���process��� took over. 20 wateronline.com ��� Politics And Cybersecurity The Cybersecurity Act of 2012, introduced by a bipartisan group of sponsors (Sen. Carper included), was roundly criticized by Republicans for including federal mandates for security measures to be put in place ��� later watered-down to voluntary best practices. The opposition argued that even voluntary standards could provide a ���back door��� to regulation, and thus construed it as government overreach and anti-business (since most security systems are run by private companies). In response, they presented the SECURE IT Act (Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology), but Democrats countered that it was too lax because it relied solely on information-sharing among the government and private industry, and that the latter is not typically driven by public safety. SECURE IT, the Democrats argued, lacked regulatory teeth, as it featured no regulatory requirements, or even best practices, that would coerce vendors to address vulnerabilities in software systems within information security or control systems. As 2012 came to a close, there was no meeting of the minds, no compromise, and no cybersecurity legislation. But with the threat of a crippling cyberattack still hanging over our collective heads, the issue doesn���t go away. When the second version of the Cybersecurity Act of 2012 failed, President Obama began Water Online The Magazine

Articles in this issue

Links on this page

Archives of this issue

view archives of Water Online - March 2013