Continuous advancements in technology and the internet are increasing the need for cybersecurity, to protect confidential data from cyberattacks. In the past few years, there has been a considerable increase in cyberattacks targeting critical infrastructure systems across the world. As per a survey by a cybersecurity firm, over 90 per cent of organisations that use operational technology systems have experienced some sort of cyber incident during 2020-21. These attacks have ranged from the malware-induced power outage in Mumbai, India, to the ransomware attack on the Colonial oil pipeline in the US.
The outbreak of Covid-19 is anticipated to have a positive impact on the growth of the cybersecurity industry, due to the acceleration in the digital transformation of companies. The global cybersecurity market is expected to grow at a compound annual growth rate (CAGR) of 11.2 per cent from 2019 onwards, to exceed $300 billion by 2027. The Asia-Pacific cybersecurity market is expected to grow at the fastest CAGR during this period.
India’s critical infrastructure systems such as water, gas and other government services are vulnerable to cyberattacks. According to the Data Security Council of India, the country’s cybersecurity industry has nearly doubled in size amid the pandemic, with revenues from cybersecurity products and services growing from $5.04 billion in 2019 to $9.85 billion in 2021. The growth was largely fuelled by rapid digitalisation, increased regulatory attention to data and privacy, and growing awareness around cyberthreats, among other factors. India’s cybersecurity workforce has also increased from 110,000 employees in 2019 to 218,000 in 2021.
Digital transformation in the water sector
Water is a critical resource. It is not only a basic need of life, but also an enabler of various industries such as agriculture, power generation and construction. Water purification and wastewater facilities are important, and the need for clean and safe water is constantly growing. However, access to water is negatively influenced by factors such as climate change, ageing infrastructure, and the increasing cost of operating and maintaining facilities. As the water scarcity problem deepens, the need for water utilities to adopt a technological paradigm shift for effective use of water resources becomes more important.
Water and wastewater treatment plants in the municipal and industrial sector are operated through supervisory control and data acquisition and programmable logic controllers with sufficient interlocks and safety features. During the initial days of the Covid-19 pandemic, to mitigate the risk posed by the heavily diminished manpower at the sites, the plants in India were being monitored from remote locations using centralised network operations. This helped experts monitor multiple plants located in different areas, as well as virtually commission the equipment.
The digitalisation of water supply infrastructure has the potential to solve current problems as well as help anticipate and address future challenges. The Jal Jeevan Mission aims at providing functional tap water connections to every rural household by 2024, with a particular focus on service delivery. This includes regular water supply of a prescribed quality, in adequate quantities, on a long-term basis. This necessitates the use of modern technology to monitor the programme and capture service delivery data automatically for ensuring the quality of services.
One of the measures undertaken by the national Jal Jeevan Mission, in partnership with the Ministry of Electronics and Information Technology, to harness the power of technology in water management was the launch of the ICT Grand Challenge to create an innovative, modular and cost-effective solution for developing a smart water supply measurement and monitoring system, to be deployed at the village level in India.
Intelligent water and internet of things solutions have been helping water agencies increase their efficiency and provide better services to customers. However, as a result of the adoption of new technologies such as digital networks, real-time data acquisition and analytics, and remote operations, water systems are now open to substantial cyber risks.
In a recent study conducted by CloudSEK, the water quality management software of an Indian conglomerate was found vulnerable. The software was found to be configured using the default manufacturer’s credentials, thus enabling attackers to modify water supply calibrations, stop multiple pivotal operations treating the water, and even manipulate the chemical composition of the water. As per the analysis, India topped the list of 20 countries with 13 critical installations using default credentials, making them highly vulnerable. These installations oversee some of the water sources responsible for supplying drinking water.
Cybersecurity for water supply networks
Water purification and wastewater treatment operations are becoming more interconnected and digitised. Waterworks operations are being improved through technological advancements that rely on increased interconnectivity and automation. Industrial cyberthreats are thus core risks to the safety, reliability and continuity of operations in the water sector. Thus, there is a need for comprehensive network security.
India has seen an exponential rise in cybersecurity incidents amid the coronavirus pandemic. It is mulling over a holistic cybersecurity policy that will cover various verticals of potential attacks or situations, both internal and external. Currently, the response to cybersecurity threats falls under the Information Technology Act and the Indian Penal Code. The Indian Computer Emergency Response team takes care of incident response, and the National Critical Information Infrastructure Protection Centre looks after the critical infrastructure. The government is formulating a National Cyber Security Strategy – a policy that would stress the need for a legislative framework to address the emerging challenges in the technology space. The strategy aims to create a comprehensive system, with both state-owned and private companies having to comply with cybersecurity standards. It would focus on critical infrastructure such as water, gas, health and air.
Fearing cyberattacks on the new internet protocol-based water supply management operations for the city, the Ahmedabad Municipal Corporation (AMC) has sought a robust cybersecurity cover for its water supply network. The AMC is expected to invest over Rs 70 million in the project. Among the major operations that are being outsourced are repair and maintenance of level transmitters, water flow transmitters, water pressures transmitters, analysers, and energy meters; as well as maintenance of supervisory control and data acquisition operations for water supply, including that of three water distribution systems, treatment plants and four French walls.
The adoption of intelligent devices and other technological upgrades is a step forward in the critical infrastructure and manufacturing sectors. While these innovations are a step in the right direction, they also expand the threat landscape. The future of technology is bright, but it will only remain so if cybersecurity is prioritised at every level.