From drinking water to emergency services to energy and food production, any breakdown in service can cause massive disruptions, affecting the lives of thousands or even millions of people. In addition to the ageless issues of natural disasters and system breakdowns over time, the adoption of digitized and connected process control systems (PCS) in water and wastewater operations has led to the new and potentially catastrophic risk of cyberattack. Critical infrastructure a prime target for hackers and antagonistic nation states, as evidenced by the devastating attacks on the Ukrainian power grid and oil and gas production in the Middle East2 , and attempts on power plants, dams, and other systems in the United States. Not only is targeting critical infrastructure attractive to cyber threats for its potential for mass destruction, but also because many infrastructure systems have been found to be particularly vulnerable to cyberattack. From specialized malware to accidental touchpoint breaches, bad actors and their bots are constantly searching for new targets to breach, map, and stage attacks. Any system connected to the internet, either directly or indirectly, is a potential target.
The dramatic rise of cyber threats over the last two decades has not been lost on the organizations charged with helping to protect and providing guidance to critical infrastructure. The U.S. Department of Homeland Security (DHS), NIST, American Water Works Association (AWWA), and other regulatory and advisory organizations have all analyzed the cyber risks to water and wastewater organizations, and provided best practices and guidance through a number of reports and other assets. These assets include references and recommendations for the use of data diodes – a hardware-enforced cybersecurity technology in use across many sectors of critical infrastructure for network security. This industry brief represents a compilation of actionable information and recommendations from trusted industry and regulatory sources as well as how these recommendations can be met by data diode technology to protect water and wastewater systems from cyber threats.
Therefore, the scope of protecting this infrastructure from cyber threats should be considered broadly to account for the various possible points of entry and the types of exploits that may be employed.