Vulnerabilities highlighted after cyber intruder tampered with treatment plant in Florida
A Florida city whose water system was hacked last week said Friday that it completed a federally mandated security-risk assessment three months ago, but hadn’t yet integrated the findings into its emergency plans.
The hacking incident—occurring after a security review—has thrown into stark relief a vulnerability of the more than 50,000 community water systems that supply most Americans with their drinking water: they don’t have to meet any national standard for cybersecurity.
That is in contrast to electric utilities, which have had to meet increasingly stringent rules since 2008 for the physical and cybersecurity of key assets and, more recently, for parts of their supply chains. Rules for the electric industry are reinforced by monetary penalties for violations.
The Wall Street Journal
By Rebecca Smith
Feb. 12, 2021 1:23 pm ET