Defra sets out cyber security strategy for water sector
The Government has published a cyber security strategy for the water sector, summarising what water and sewerage companies need to do to reduce the risks of cyber attacks.
Published by the Department for Environment, Food and Rural Affairs, the strategy, which focuses on attacks based around computers, computerised systems or networks, is mainly aimed at water and sewerage companies in England.
It says there are “credible cyber threats to UK Critical National Infrastructure, including the water sector,” and that these could lead to “serious consequences, particularly as increased automation and connectivity reduces the scope for standalone or manual operation of the water supply system.”
Recent reviews by government cyber experts have identified significant opportunities for the water sector to operate at a higher level of cyber security maturity.
The water-specific strategy is part of a government-wide response to the cyber threat, which complements the National Cyber Security Strategy (2016). The strategic vision and objectives have incorporated significant contributions from the sector and aim to guide activities across the sector, including water companies and government. It aims to achieve a vision by 2021 of a “secure, effective, and confident water sector, resilient to an ever-evolving cyber threat.”
Key objectives within the strategy include understanding the threats; managing the risk from these threats; managing any incidents that arise in the best way possible; and developing capabilities to increase future resistance and build cyber skills.
The cyber risk reviews identified a number of key areas in which the sector should focus its cyber security activities.
One of these is the architectural design/separation of Information Technology (IT) and Operational Technology (OT). The paper says that ideally IT and OT systems or networks should be completely separated to prevent infections in IT systems spreading and impacting processes that could cause physical damage.
It also flags up the cyber risk from third parties, with company networks increasingly accessed by third parties such as equipment suppliers, software suppliers and contractors who require the ability to upload software onto systems, make alterations and plug their equipment into the host network.
The paper says policies need to be in place to manage this risk, for instance by restricting the number of people with external accesses to a network and ensuring that devices plugged in to the host network are not carrying malware.
The full strategy is available to download here.
- Water minister Dan Rogerson to mark 25 years of privatisation Water minister Dan Rogerson will be appearing in a special event to mark the 25th anniversary of the privatisation of the... Read More >
- UK falling behind on innovation investment The UK is lagging well behind countries like Israel, Canada, Singapore and the Netherlands in water technology investment... Read More >
- SBWWI calls for National Smart Metering Forum to be set up Trade association SBWWI has warned that without urgent representation of the water sector, the infrastructure networks... Read More >
- Reliability engineering key to resilience As a result of the 2014 Water Act and Ofwat, water companies are increasingly studying how resilient they might be to... Read More >
- Getting to Grips with... site security The current threat level for international terrorism in the UK is classed as ‘severe', and damage or destruction to... Read More >
- Tanks need a spot of TLC Proper maintenance of tanks is key to ensure their long and productive life, while refurbishment can give a new lease of... Read More >
- Fundamental Equations Alec Erskine explores how some key equations can assist with the business of asset management in water Read More >
- Yorkshire Water's decision-making uses ‘five capitals’ approach Yorkshire Water has developed a new decision-making framework for PR19 which quantifies natural and social factors Read More >
- Supply Network Manager Location: Somerset Salary: £30,767 to £41,226 per annum Looking for your next career move in water supply? If so, we may have a fantastic... Read more here.
- Senior Analyst The Organisation The Water Industry Commission for Scotland is the economic regulator of the water and sewerage industry in Scotland. ... Read more here.
- Key Account Manager Key Account Manager Competitive Salary: £40,000+ DOE London and Thames Valley Knowledge, Skills & Experience Commercially astute with... Read more here.
- Contracts Manager Contracts Manager Castle Water Limited Castle Water is the leading independent water retailer in the UK, and one of the fastest growing... Read more here.
- Divisional Customer Services Director Castle Water is the leading independent water retailer in the UK, and one of the fastest growing utility supply companies, supplying services... Read more here.