Ensuring the Security of Our Water Systems: A Cybersecurity Imperative
In the latest episode of The Other Side of the Firewall podcast , hosts and Shannon Tynes explore a pressing issue in cybersecurity — the alarming state of our nation’s water systems. A recent article from Ryan Williams Sr. revealed that over 70% of surveyed water systems fail to meet EPA cybersecurity standards. This staggering statistic should be a wake-up call for everyone concerned with the integrity of our critical infrastructure.
You can view the full podcast episode on our YouTube page:
You can listen to the full podcast episode on almost every audio platform:
The Importance of Cyber Hygiene in Water Systems
Water systems are essential to our daily lives, providing the water we drink, cook with, and use for sanitation. The Safe Drinking Water Act (SDWA) mandates that community water systems serving over 3,300 people conduct safety assessments and revise their response plans every five years. However, given the rapidly evolving nature of cyber threats, this interval seems dangerously outdated. As Shannon pointed out, “The threats change way more frequently than that… if you follow that guideline, in five years, you’re looking at your policies and you’re like, this was out of date three years ago.”
The Risks of Outdated Systems
Many water systems are running on antiquated software, with some still using Windows 7, which reached its end-of-life over a decade ago. This lack of basic cyber hygiene makes them prime targets for attacks. As we discussed, this isn’t a theoretical risk. The city of Oldsmar, Florida, experienced a cyber attack where an intruder attempted to poison the water supply via a compromised system. Fortunately, the attack was thwarted, but it highlighted the vulnerabilities inherent in outdated systems.
The Need for Regulation and Investment
It’s clear that we need more frequent and rigorous assessments of our water systems’ cybersecurity. Yet, political and financial hurdles often impede progress. While upgrading these systems may not be profitable in the short term, the cost of a major security breach would be far greater. It’s not just about protecting the water we drink directly; it’s about safeguarding the entire supply chain, including bottled water and industrial uses.
Conclusion
The safety of our water supply is non-negotiable. We must advocate for better regulations, more frequent assessments, and significant investment in cybersecurity for our water systems. Ignoring these issues won’t make them disappear; it will only make the eventual fallout more severe. As we continue to highlight these critical issues on The Other Side of the Firewall podcast, we hope to drive the necessary changes to protect our communities.
Thank you for reading and stay tuned for more episodes of The Other Side of the Firewall podcast on Monday, Tuesday, Wednesday, and Fridays, as well as, the Ask A CISSP podcast every Thursday. Please like, share, and, subscribe.
Stay safe, stay secure!
Ryan is a retired Air Force veteran who brings over 20 years of experience in network infrastructure, project management, and cybersecurity consulting to his current role at BuddoBot . At Buddobot, he is dedicated to supporting national security by helping organizations transition from costly, reactive, and automated IT and security practices to proactive and robust security solutions.
Shannon, also a retired Air Force veteran, has more than two decades of expertise in network security and vulnerability management. He now serves as an Information System Security Officer (ISSO) for the U.S. Space Force, where he continues to enhance national security protocols.
Originally published at https://www.linkedin.com.