Small utilities: Are you equipped to fend off cyberattacks?

March 14, 2024
1 min read





TLDR:

Small utilities are facing cyber threats, with limited resources for cybersecurity. Many lack the funding and expertise to protect against highly motivated adversaries targeting critical infrastructure. Better coordination and resources from the federal government are needed to help these organizations defend against cyber threats.

Summary:

In a world where small utilities are increasingly targeted by cyber threats, many are struggling to defend themselves due to limited resources. These utilities play a crucial role in providing essential services such as power, clean water, and fuel to communities. However, they often lack the funding and expertise needed to protect against highly motivated adversaries with financial and political agendas.

Recent attacks on critical infrastructure, such as the compromise at a Pennsylvania water utility by hacktivist group CyberAv3ngers, highlight the vulnerabilities faced by small utilities. Despite efforts by government and industry to share advisories and coordinate response and recovery exercises, many small utilities still struggle to prioritize and act on cybersecurity information.

To address these challenges, it is crucial to close the resource gap for small utilities. This involves providing access to tools, technology, and expertise needed to build a basic cybersecurity program. Budgeting processes should include cybersecurity needs as baseline requirements, and costs for cybersecurity investments should be recoverable.

Grant programs, such as the Department of Homeland Security’s State and Local Cybersecurity Grant Program, are a step in the right direction. However, there are process hurdles and oversight challenges that slow down the delivery of resources to operators in need. Companies like Dragos have launched initiatives, such as the Community Defense Program, to provide small utilities with critical cyber protections.

Closing the resource gap and providing small utilities with the tools and information they need is essential for protecting our communities and national security. By working together and offering the necessary resources, we can help small utilities defend against cyber threats and safeguard critical infrastructure.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and