A recent survey on water cybersecurity in Alabama revealed some concerning vulnerabilities. Out of all the water systems surveyed, only 8% responded to requests for information on their cybersecurity practices. Even among those responses, some declined to answer specific questions and only provided general statements.
Here are some key findings from the survey:
1. Preparation for Cyber Attacks:
When asked about the amount of time spent on preparing for cyber attacks on key assets compared to two years ago, 100% of respondents said they are spending more time on cybersecurity now.
2. Simulation and Tabletop Exercises:
Two-thirds of the systems surveyed have conducted or participated in a simulation or tabletop exercise to simulate an attempted cyberattack or test cyber vulnerabilities in the past two years. However, 16% have not done so, and another 16% have a contract pending to conduct such an exercise.
3. Cybersecurity Insurance:
Half of the systems surveyed reported that they hold, carry, or pay for cybersecurity insurance. On the other hand, 16% do not have cybersecurity insurance, and 34% chose not to disclose whether they have it or not.
4. Cybersecurity Audits:
When asked how often they audit their cybersecurity protections, 16% of respondents said they do it daily, 33% do it annually, and 51% chose not to disclose this information.
These findings highlight the importance of water systems prioritizing cybersecurity measures to protect against potential cyber threats. With the increasing digitization of critical infrastructure, such as water systems, it is crucial for organizations to regularly assess and improve their cybersecurity practices.
The low response rate to the survey also indicates a potential lack of awareness or transparency regarding cybersecurity practices among water systems in Alabama. This underscores the need for more education and resources to help these systems enhance their cybersecurity posture.
As cyber threats continue to evolve and pose risks to essential services like water supply, it is essential for organizations to stay vigilant and proactive in safeguarding their systems against potential attacks. By investing in cybersecurity measures, conducting regular audits, and participating in simulations, water systems can better prepare themselves to mitigate cyber risks and ensure the security and reliability of their operations.