For this reason, Steve Uban, director of innovation for Informational Data Technologies, says it's important for water utilities to maintain the same cyber security protocols that all other companies should.
company sells satellite-based water metering services, which lowers the probability of an attack on communication within the network.
The signals between meters and the satellite itself are mostly invulnerable, and the uplink stations that directly communicate with the satellite are even protected by military hardware.
The online portal between the water utility and IDT
, however, isn't.
The usernames and passwords IDT provides work from any internet-connected computer, and the system has no way of knowing the actual identity of the person who entered them.
The biggest risk, Uban
says, would be that of a disgruntled former employee using his
password to log into the system and either steal data or disrupt operations.
For that reason, it is important for utilities to vigilantly disable access for any employee who leaves the company.
Utility employees also need to be vigilant with how they handle their login data.
would never send a password and username through e-mail, Uban
says, that doesn't stop employees from e-mailing this information to each other or even themselves.
Should a bad actor gain access to that e-mail-either by hacking or simple access-the danger could be greater than that posed by a disgruntled former employee.
While the former employee's access would likely be shut off eventually, a hacker getting regular access to the system through a current employees login could siphon information, undetected, for an extended period of time.
For that reason, Uban
says, water utilities should have a robust security policy that includes appropriately complex passwords that are changed on a frequent basis.
And, if employees don't follow the policy, there should be real consequences.
"If somebody's not following that, you want to be able to fire them," he
says, "because it's a risk to the whole system."