(TNS) — Earlier this year, the plot of a spy thriller unfolded at a
Without warning, hackers breached the computer system operating the plant on
Luckily, the operator was able to restore chemical levels to normal once hackers exited the system, narrowly averting a disaster that could’ve poisoned 15,000 people in the small city of
“Water systems, like other public utility systems, are part of the nation’s critical infrastructure and can be vulnerable targets when someone decides to adversely affect public safety,”
The Garden State Network, the IT infrastructure on which the state government runs, faces an onslaught of 4 million cyberattacks each day, said
“The country is running off of a lot of what we’re doing infrastructure-wise,” Maples said. “And because of that, I think we’ve been forced to adopt some of these principles well ahead of time.”
Last fall, for example, the
The Jersey City MUA did not respond to requests for comment for this story.
“There has been a marked uptick in cyber attacks, specifically over the last year, but really over the last several years,” Maples said. “The water industry is just as just a part of that, just like every other private sector and critical infrastructure.”
The Water Quality Accountability Act (WQAA,) which was passed by state lawmakers and signed by Gov.
“I think from a cyber side, if there were gaps, that act really cleared them up,” Maples said.
The WQAA requires water systems to join the New Jersey Cybersecurity and Communications Integration Cell, which is part of Maples’ office. To maintain membership, water systems must exhibit industry best practices, like cybersecurity training for staff and creating “air-gapped” networks to keep critical infrastructure separated from the Internet.
Some large, private drinking water systems are regulated by the
Under state law, any utility that violates a BPU order can be fined up to $100 for each day out of compliance. It is unclear if the BPU has ever issued fines for a utility that failed to meet the standard of that 2016 order.
Those BPU-regulated utilities comprise a small group of six companies:
“Because the WQAA does not provide the DEP with authority to take enforcement action against systems that have not met the reporting requirements, no violations have been issued,”
And there’s a simpler problem: Some water systems just don’t fill out the forms. In 2018, the first year the forms were due, 16 water systems failed to send them to DEP. In 2019, that number grew to 25, and in 2020 it reached 26.
The BPU said all six of the water utilities it regulates have completed the forms in the past three years.
That bill has cleared the state
Maples said he supports the effort to update the WQAA, and any other efforts to strengthen cybersecurity in
“I think we’re throwing the kitchen sink at it,” Maples said. “We want to make sure we’re ahead of those that are behind (the threat).”
©2021 Advance Local Media LLC. Distributed by Tribune Content Agency, LLC.
Never miss a story with the daily Govtech Today Newsletter.