Defra sets out cyber security strategy for water sector
The Government has published a cyber security strategy for the water sector, summarising what water and sewerage companies need to do to reduce the risks of cyber attacks.
Published by the Department for Environment, Food and Rural Affairs, the strategy, which focuses on attacks based around computers, computerised systems or networks, is mainly aimed at water and sewerage companies in England.
It says there are “credible cyber threats to UK Critical National Infrastructure, including the water sector,” and that these could lead to “serious consequences, particularly as increased automation and connectivity reduces the scope for standalone or manual operation of the water supply system.”
Recent reviews by government cyber experts have identified significant opportunities for the water sector to operate at a higher level of cyber security maturity.
The water-specific strategy is part of a government-wide response to the cyber threat, which complements the National Cyber Security Strategy (2016). The strategic vision and objectives have incorporated significant contributions from the sector and aim to guide activities across the sector, including water companies and government. It aims to achieve a vision by 2021 of a “secure, effective, and confident water sector, resilient to an ever-evolving cyber threat.”
Key objectives within the strategy include understanding the threats; managing the risk from these threats; managing any incidents that arise in the best way possible; and developing capabilities to increase future resistance and build cyber skills.
The cyber risk reviews identified a number of key areas in which the sector should focus its cyber security activities.
One of these is the architectural design/separation of Information Technology (IT) and Operational Technology (OT). The paper says that ideally IT and OT systems or networks should be completely separated to prevent infections in IT systems spreading and impacting processes that could cause physical damage.
It also flags up the cyber risk from third parties, with company networks increasingly accessed by third parties such as equipment suppliers, software suppliers and contractors who require the ability to upload software onto systems, make alterations and plug their equipment into the host network.
The paper says policies need to be in place to manage this risk, for instance by restricting the number of people with external accesses to a network and ensuring that devices plugged in to the host network are not carrying malware.
The full strategy is available to download here.
- Government announces £130M extra funding for flood defence schemes More than 40 new flood schemes have been given the green light as the government earmarks an addition £130M to help secure... Read More >
- Washing machines use billions of litres of water annually, analysis reveals UK households use 343.2 billion litres of water a year in washing machines which is the equivalent to draining 20 Lake... Read More >
- MPs debate flood defence funding Managing flood risk has been the subject of an estimates day debate in the House of Commons. Yesterday's debate was based... Read More >
- Collaborating on Professional Excellence A new partnership between Energy & Utility Skills and the Institute of Water is to help drive forward the skills agenda... Read More >
- Reducing harmonics with passive filters or active front-end drives Harmonics in the electrical systems of operators can be addressed by front-end drives or passive filters, with each having... Read More >
- Top Tips for… Building Asset Resilience PR19 will be a considerable step forward from PR14, requiring a significant shift towards greater service resilience and a... Read More >
- A Time to Skill: how can water face its workforce challenges? Faced with the double challenge of an ageing workforce and a potential barrier to bringing in EU talent due to Brexit, how... Read More >
- Grit removal: the importance of protecting downstream equipment The water industry needs to wake up to the costly damage that wastewater grit can cause and take action to ensure that key... Read More >