Water's March guidance on cyber threats highlighted after NHS malware strike


Water industry support and guidance on cyber threats issued in March were highlighted by last week’s extensive cyber attacks on the NHS and other organisations globally.

Water UK published in March, a set of principles and recommendations to help its members address the risks posed to water and wastewater services by cyber related threats.

It pointed out: "The UK water industry provides a unique challenge when it comes to implementing cyber security. The combination of critical national infrastructure, complex investment cycles and legacy hardware, alongside an evolving regulatory framework means that most companies are now juggling priorities to address the risks identified alongside other significant investments."

The document, Cyber Security Principles for the Water Industry produced by the Water UK Cyber Security Good Practice group in collaboration with DEFRA and the National Cyber Security Centre, identified six core principles and provides recommended good practice for each principle. It referenced industry standards and was supplemented with practices and examples of work which are being undertaken within the sector. This guide included sample materials which could be used by companies to develop the sector’s maturity.

Supporting this report is the strategy produced by DEFRA, also in March 2017, Water Sector Cyber Security Strategy.