
Why Cyber Funding Flows for Rural Water Systems

June 27, 2023 – Published on Dark Reading

A recent bill that proposes $7.5 million in annual cybersecurity funding for the next five years for US rural water systems may have a bigger impact for covered entities than the dollar amount alone would suggest. It would be a much-needed infusion of cash for a critical infrastructure sector that plays a big role in public safety despite its smaller customer base.

The funding adds to $25 million available annually as technical assistance for rural water systems and small water utilities under a US Department of Agriculture (USDA) initiative called the Circuit Rider Program. But this bill targets a narrowly focused set of small organizations that currently have little to no cybersecurity capabilities.

There are more serious concerns as well. By targeting critical operating systems at small water facilities, an attacker could “drain tanks, change levels of chemicals, inject bad telemetry information into well and tank monitoring, and potentially impact waste treatment operations,

It’s also important to remember that softer targets take fewer resources to attack, cautions Chris Warner, senior operational technology security consultant at GuidePoint Security. Such targets are often used to divert attention from more significant and larger targets, he notes. 

Shutting off water is just one potential outcome of an attack on a rural or small water system, Warner adds: “What concerns me is [attackers] changing the amount of chemicals used to clean and/or balance the water quality. This could cause mass sickness and even possible death.”

Earlier this month the Cybersecurity for Rural Water Systems Act of 2023 was introduced, seeking to expand the National Rural Water and Wastewater Circuit Rider program by including $7.5 million annually between 2024 and 2028 for cybersecurity technical assistance for small and rural water utilities.

Under the proposed program, cybersecurity experts — or circuit riders — will travel to rural water facilities and assist them in building plans for securing their systems against cyberattacks. The cybersecurity riders will become part of a broader team of circuit riders that have been providing as-needed, hands-on training and other technical assistance to small and rural water systems for decades.

Expanding the circuit rider program to include cybersecurity should begin to help smaller, rural water systems start their security journey, says GuidePoint’s Warner. Many of these entities lack the security personnel, expertise, and funding required to operate systems for securing their water and wastewater equipment, he says.

“From several of the water and wastewater organizations I’ve helped out in the past, this will greatly assist organizations to create security departments that may not exist or that are treated as ‘other duties assigned,’” he says. The funding could also help them build out governance and risk management programs, Warner notes.
