The recent audit of Halifax Water conducted by the Halifax Regional Municipality's auditor general has found several deficiencies in the utility's cybersecurity. The audit examined the supervisory control and data acquisition (SCADA) systems and discovered 21 recommendations to improve security. The report stated that a lack of adherence to policies, insufficient controls on physical access to the plant and offices, and no process to manage inventory of spare parts were among the weaknesses identified.
One of the most concerning issues highlighted in the report was employees clicking on links in phishing emails. To test their awareness of security protocols, a phishing email was sent to 55 employees of the utility, purporting to be from a legitimate source with a link. Shockingly, 45 employees clicked a link in the email and provided their credentials. Three others clicked the link but did not submit their credentials. This indicates a significant lack of cybersecurity awareness and training among Halifax Water's employees.
The report also warned that if the security of the system was compromised, it could impact the control of the system and the supply and quality of water. The SCADA system plays a crucial role in monitoring and controlling Halifax Water's infrastructure, and a breach could have severe consequences.
Halifax Water has accepted all 21 recommendations for strengthening security included in the report. However, the utility did not provide any specifics of its response plan. Halifax Water's acting general manager and CEO, Louis de Montbrun, said that the utility continually works to safeguard its infrastructure and information technology systems, but there is always room for improvement. Some work has already been done to improve their systems, and the rest will be addressed in "a financially and operationally prudent way."
The audit's findings highlight the importance of cybersecurity training and awareness for employees in critical infrastructure organizations. It is essential to educate employees about the risks of clicking on links in phishing emails and to implement measures to prevent these types of attacks from succeeding.
Moreover, the audit emphasizes the need for a robust cybersecurity strategy that includes formal policies and procedures to manage risks associated with SCADA systems. The utility must also implement controls to limit physical access to its plant and offices and manage inventory of spare parts to reduce the risk of insider attacks.
Overall, Halifax Water must take the findings of this audit seriously and implement the recommendations for strengthening security to prevent cyber attacks and safeguard its infrastructure and information technology systems. It is vital that other critical infrastructure organizations learn from Halifax Water's audit and take proactive steps to improve their cybersecurity posture. Cybersecurity is an ongoing process that requires continuous improvement, and it is critical that organizations prioritize it to protect their operations and customers.
This blog was written by the Activated Solutions team. If you are a business owner or an individual concerned about your cybersecurity, it's time to take action. Activated Solutions can help you to protect your business and personal data from potential cyber threats.
Contact Activated Solutions today to learn more about how they can help you protect your business. With our expertise and commitment to cybersecurity, you can have peace of mind knowing that you are taking proactive steps to protect yourself and your business from potential data breaches.
For more information, please visit: activatedsolutions.ca.
Comments