“On October 1, Durham staff identified a security breach affecting a limited component of the digital systems at the Duffin Creek Water Pollution Control Plant. The affected system was isolated and operations at Duffin Creek are currently running in auto or manual mode,” revealed the Regional Municipality of Durham, Ontario brief statement dated October 11, 2024.

“There has been no impact to any other component of the network at Duffin Creek or elsewhere in Durham’s network. There has been no impact to health, safety or the environment. No private or sensitive information is contained in the affected system, and Duffin Creek is fully operational.”

Just days later, a higher profile cybersecurity event occurred across the border. American Water Works — a Camden, New Jersey-based utility of drinking water and wastewater services — said hackers had breached its computer networks and systems.

American Water is the largest regulated water and wastewater utility company in the U.S., providing drinking water and wastewater services to more than 14 million people in 14 states and on 18 military installations. It manages more than 500 water and wastewater systems in about 1,700 communities in California, Georgia, Hawaii, Illinois, Indiana, Iowa, Kentucky, Maryland, Missouri, New Jersey, Pennsylvania, Tennessee, Virginia, and West Virginia.

Patrick White, writing for the Globe and Mail »

The Duffin Creek Water Pollution Control Plant covers an area the size of 400 football fields and treats the waste water from 1.2 million people before pumping it into Lake Ontario. The facility being compromised could wreak untold social and environmental havoc.

Fortunately, hackers had breached “a limited component of the digital systems,” according to the news release issued last month by Durham Region, the municipality abutting Toronto’s eastern border.

Durham says it has averted worst-case scenarios by containing the breach, but questions remain about the nature of the incident and, more broadly, how prepared Canadian water utilities are for the sudden barrage of cyberattacks now striking the industry worldwide.

“The threat is real, and they need to take it seriously,” Sami Khoury, Canada’s senior official for cybersecurity, said in an interview.

While ransomware attacks – in which targets are asked to pay money to access their own files – have become commonplace in corporate and government sectors, threats against the water sector have a more malicious element.

Read the whole article at Globe and Mail »

 

Last Updated on December 13, 2024