cybersecurity for water and wastewater treatment plants morrison maierle

What You Need to Know About Cybercrime

By Josh Botz and Jason Mercer – If you’ve paid attention to news stories on cybercrime and cybersecurity in the last year, none of these headlines will come as a surprise.

“Man charged for hacking Kansas water utility with intent to harm public”
“Hackers steal power utility company customer data”
“FBI worried about increasing cybercrime against small businesses”
“N. Carolina power plant attack raises concerns for utilities, consumers and security experts”
“NJ hospital sending patients away because of cybersecurity concern”
“Lack of Cybersecurity Expertise Poses Threat for Public-Safety Orgs”
“Port of South Louisiana hires firm, plans own cyber security department after costly hack”

While many of these stories originate from other parts of the country, similar attacks closer to home are inevitable. Why? Because cybercrime is everywhere, and no person, community, or utility is immune.

To take proactive steps to protect yourself and your water or wastewater plant from hackers, it’s important to understand how cybercrime works.

Understanding Cybercrime

There’s no rule book or “best practices” that hackers follow when it comes to cybercrime (if it were only that easy!) However, a few things may help you understand how cybercrime works.

  1. Hackers don’t need to be great at using computers! They can buy leaked credentials on the dark web and try them out on other accounts. If you reuse passwords on accounts, then you could be easy prey.
  2. Cybercriminals have a variety of motivations and aren’t necessarily targeting you for profit. Some will choose their targets based on values and beliefs and are termed “hacktivists.” Cyber terrorists look to cause disruption and panic and see public services like water and wastewater plants as ideal targets. Low-level hackers may just want to test their skills and “see if this does anything.”
  3. Social engineering is among the most successful methods for hackers because they can bypass all technical security controls simply by tricking someone into giving out sensitive information or opening a door for them (technically or physically).
  4. They like to start small. Hackers would prefer to take their time and learn how to remain undetected. This gives them time to prepare for larger, more sophisticated attacks and they can even prepare their own defenses against you inside your own network. You may already be compromised!
  5. Hackers know they are on a winning team. The security industry can’t keep up completely with how quickly cybercrime is growing and many organizations are still working to implement a basic cybersecurity program. This is challenging due to the cost and the shortage of qualified security professionals. The good news is that if you protect yourself and your system well, hackers may choose to go after an easier target.

How to Get Started

Understanding how hackers operate can help you begin assessing your current situation so you can identify risks and potential threats. Another tool for you is to complete an audit of your systems. There is a free tool from the American Water Works Association (AWWA) that water and wastewater systems can use it to audit their IT and financial systems.

If you’re ready to assess your systems and networks more closely and need assistance, we’re here to help. Just click on the button below and we’ll contact you shortly.

Let’s Talk More About Cybersecurity

Josh Botz is Morrison-Maierle’s Systems Information Security Specialist. Jason Mercer, PE, is Morrison-Maierle’s Water-Wastewater Market Group Leader.