Water at very high and growing risk of cyber attack
- by Karma Loveday
- Feb 4, 2024
The water sector carries very high overall cyber risk, Moody’s highlighted in a new report, “Spate of cyber incidents highlight sector's elevated cyber risk”.
It is one of five sectors, all critical national infrastructure operators, carrying the highest overall level of cyber risk. Moody’s said it views critical infrastructure “as particularly attractive for sophisticated attackers, because of the systemic role that it plays and the high level of disruption to a specific region caused by a cyberattack”.
Moreover, the sector’s exposure is increasing. Phil Cope, vice president, senior analyst at Moody’s, said: “The water sector's exposure is rising as the sector is becoming increasingly digitalised through the installation of data logging equipment and smart meters, a trend we expect to continue given the need to reduce per capita consumption. Greater digitalisation introduces new vectors of attack for malicious actors, for example, pivoting an attack from the third party vendor used to provide some of the digitalisation services.”
The “spate” in the Moody’s report title refers to Southern Water’s report in January that it was investigating a ransomware attack, and to South Staffs Water’s confirmed exposure in 2022, when personal customer data was exfiltrated.
Moody’s said the financial cost of remedial measures on system security and potential penalties would likely be modest. In South Staffs’ case, this will be c£10m, around 3% of net debt at March 2023. For larger firms, the hit would be proportionally smaller and the financial impact negligible. However, the note cautioned: “The greater risk for the sector and society, is if malicious actors are able to access operational technology (OT) systems to impair drinking water or wastewater treatment facilities. Regulators, government bodies and licensees are cognisant of the need to bolster cyber defences given the growing sophistication of attacks on critical infrastructure, with state-aligned actors a recent but growing class of cyber adversary.”