Cyber attacks on water utilities: why and how to mitigate the risks with Sunil Sharma
Cyber attacks are a clear and present threat to both organisations and individuals the world over and, alarmingly, they are no longer just about stealing your bank details.
As a recent attack on an Israeli water treatment plant has shown, the motivations behind them are becoming increasingly political and that poses a significant issue for water infrastructure.
We talked with Cyber Security expert, GHD’s Sunil Sharma about the impact cyber threats could have on water and what utilities can do to safeguard their data and operational technology.
Meet this week’s expert
Digital Risk and Cyber Security Leader
Sunil Sharma has 25+ years of experience in Digital Risk and Security, and ICT. Formerly, he led Digital Risk and Cyber Security practices at PwC and Accenture. He has led several Digital Risk advisory and consulting engagements across Energy, Resources, Financial, Retail, and Entertainment industries. And is currently GHD’s lead consultant, assisting organisations in setting up comprehensive digital risk strategies and executing successful rollout of risk controls. Sunil is passionate about cybersecurity, especially in the water industry where there’s more take up of operational technology, particularly in the wake of COVID-19.
- It’s upon organisations to make sure that they make their people aware. And I think that awareness needs to start by telling them how it can affect their personal lives so that it’s relatable. But at the end of the day, the motivation is to make sure that their business systems and the critical infrastructures are safe as well. So it has to start right from the top within organisations.
- You need to identify which assets are critical. So if they fail or if they were tampered with, which are the assets which are going to be most vulnerable? Or if they are vulnerable, what would be the biggest impact on certain assets to its operations and also to the well-being of citizens as a result?
- One of the key challenges they find is their executives and their boards are probably, I wouldn’t say all the time, but quite often they haven’t bought into spending any dollars in strengthening their cyber security stance and reducing the risk.
- I think one of the things which the organisations do need to do when they are planning for or designing a certain technology to be launched — doesn’t matter if it’s within the organisation or it’s for remote access or it’s being rolled out to remote machines — is to make sure that security by design is being considered. So it’s not an afterthought.
- Start with the basics. Do your risk assessment. Work out what your assets are, how they could be impacted and what consequences you would have.
About Future Water
Hear from water innovation and digital transformation leaders from across the globe and discover the technology and innovations that are shaping the digital future of water. Proudly hosted by AquaLAB, powered by GHD Digital.
If you enjoyed today’s show, please subscribe on your platform of choice. We’d love your feedback, rating and review as well. Here’s a list of platforms you can currently subscribe on:
Connect with AquaLAB
AquaLAB is GHD’s global water innovation and knowledge hub. We inspire water industry leaders to explore novel ideas, openly discuss challenges, and experiment with technology to safeguard the world’s most precious resource for future generations.
If you’d like to learn more about AquaLAB, connect with us via our website or LinkedIn.