Only 1.7% of water supply companies allocated more than 10% of the budget to strengthen OT cybersecurity.
On Tuesday, August 3, the information security company ThreatLocker published a report “Protecting water supply infrastructure from cyber attacks» (Protecting water infrastructure against cyberattacks) , which describes the security problems in the US water supply enterprises.
The report details the extremely limited financial resources of water utilities throughout the United States, dedicated to information technology (IT) and operational technology (OT).
According to the Systems Audit and Control Association (ISACA), at least 38% of all enterprises have devoted less than 1% of their budget to IT cybersecurity. Another 22.1% of enterprises allocated 1-5% of the budget for strengthening IT protection against cyber attacks, and only 1.7% allocated more than 10% for strengthening OT cybersecurity.
These tight budgets ultimately make it difficult to secure water systems, forcing companies to seek cost-effective solutions to mitigate cybersecurity risks.
The situation is aggravated by the fact that there are no clear regulatory requirements for water supply companies. While they come under the control of the Environmental Protection Agency (EPA), water companies are also administered by government and environmental agencies and government utility commissions. While the 2018 US Water Infrastructure Act includes cybersecurity issues, it only mentions them twice.
Catch up on more stories here
Follow us on Facebook here