In December 2023, the NFGWS learned that a group water scheme in the west of Ireland had unfortunately fallen victim to a cyber-attack. That attack impacted the scheme’s PLC, controlling the main pumps and treatment plant operation.
It caused it to shut down, resulting in members being without water for a period. Thankfully, the situation was resolved quickly. However the threat to group water schemes from further cyber-attacks has now become a reality and is something every scheme must prepare for.
Group water schemes in DBO contracts are very much reliant of their service provider to ensure that they have adequate protection procedures. The NFGWS has been corresponding with the main DBO service providers to establish what controls they have in place.
GWSs that are not in DBO contracts will be required to be more hands-on to make sure that PLCs and any software used as part of the treatment processes are protected.
Recommendations
The NFGWS and the National Cyber Security Centre (NCSC) are advising all GWS to ensure they have adequate cyber security systems in place. These might include the use of VPNs and basic firewall protection, particularly for operating systems and remote access applications.
Some of the NCSC basic recommendations include making sure that default passwords on PLCs are changed, creating strong passwords, and setting up multifactor authentication for all remote access systems.
The NCSC also advises to avoid situations where PLCs are connected to the open internet without protection, ensure systems are regularly backed up to enable fast recovery, and keep all software systems regularly updated.
The NCSC recommends that if a group water scheme is affected by attacks, provide details of these attacks to the NCSC and contact its local Garda station as soon as possible. We would also advise any scheme that experiences an attack to please also notify your supervisory authority (Local Authority) and the NFGWS immediately.
This article originally featured in the most recent edition of the Rural Water News magazine. To read the full edition and to sign up to our magazine mailing list, click here.