Key to ensuring cyber security now and into future

Posted 30 June 2017

Cyber securityData gathering in the water industry is evolving, but there are still several challenges it needs to overcome before the process matures. One is cyber security and how to protect itself from threats that come as a side-effect of more internet-enabled devices. 

The cost of cybercrime is expected to rise to $6 trillion by 2021, and the attacks themselves are taking a broader reach. There have already been two high-profile, global cyber attacks this year: WannaCry and most recently Petya

Although it’s impossible to block all malicious intent, the water industry can take precautionary measures.

“The water industry has to embrace the inherent risks that come with digital transformation and reliance on data,” said Data61 Senior Principal Researcher Dr Fang Chen.

This doesn’t mean that organisations should dive head first into the ether – it just means they should look before they leap.

“Put thought into which of your systems you are connecting to the internet,” Chen said. 

“Review security measures in terms of how different control systems are segregated from other systems to keep a breach from spreading to essential functions.”

The water industry can also take steps to protect itself by sharing threat data, choosing solutions that are secure by design and investing in people who specialise in this field, said IBM Research Australia VP and Lab Director Joanna Batstone.

“As the water industry develops and adopts technologies related to data, cognitive computing and the Internet of Things, cyber threats are growing in both volume and complexity,” she said.

“This has given rise to new professions and emerging job roles in modern utilities, such as Chief Data Officers and Information Security Officers who are helping prepare, prevent, detect and respond effectively to an ever changing threat landscape.

“Investment in cyber security talent acquisition now and for the future is key for the industry.”

Investing in digitally savvy talent is crucial, agreed Chen, and she said that it’s just as important to upskill current employees.

“Most cyber attacks are the result of human error such as through phishing scams, which cause the majority of incidents,” she said. 

“You can automate some processes, but make sure that you keep people in the loop by adequately preparing staff members to prevent or deal with these types of attacks.

“There needs to be an instant response process, so have a plan for what you will do at the first sign that something bad has happened, and a procedure to minimise the risk.” 

Dr Fang Chen and Joanna Batstone were panel members at the Water Leaders Forum at the recent Ozwater’17 conference in Sydney. To learn more, click here