With the continued rise of operational technology (OT) cyber threat activity, the water and wastewater systems providing potable water and sanitary sewage treatment to three-fourths of the U.S. population are increasingly becoming vulnerable to a variety of attacks that have the potential to disrupt operations and pose safety risks to the systems’ ability to perform fundamental functions.
Dragos has identified five critical security controls that can help water and wastewater organizations maintain safe and reliable industrial processes. In this brief, we focus on three sample scenarios based on actual cyber events within the water and wastewater industry:
- Remote Human Machine Interface (HMI) Operation
- Ransomware
- Insider Threat
We recommend the OT security controls necessary to better protect, detect, respond, and recover from each of these scenarios.
