When it comes to IT matters these days, everything is AI 24/7. But companies can’t take their eye off other IT matters like cyber risk. Data privacy breaches are important, but you still need to remember potential environmental risks if IT security is breached at manufacturing facilities or utilities. Last week, CNN reported that a wastewater treatment plant in Tipton, Indiana was hacked by a group out of Russia. The article explained that
“US officials have been warning that the country’s water systems need to shore up their defenses in the face of persistent threats from state and criminal actors. Cyberattacks are hitting water and wastewater systems ‘throughout the United States’ and water facilities must improve their defenses against the threat, US national security adviser Jake Sullivan said in a letter last month to state officials.”
Fortunately, nothing happened at Tipton. But wastewater treatment involves chemicals that pose environmental risks and community chemical exposure threats. Even as small as Tipton is (5,000 people), releases of and reactions between the chemicals could have been catastrophic.
Sometimes we forget that computer systems are responsible for safety controls/devices, chemical dispensing and process control monitoring at industrial facilities. At older facilities, legacy control systems can be archaic and without updated cyber security systems that are commensurate with the related risk. Environmental and safety staff at industrial facilities should probe deeper into process controls at critical systems and materials management operations that pose high risk of environmental or safety incidents impacting employees and the community. That probably isn’t on any audits or site inspection checklists – but it should be.
If you aren’t already subscribed to our complimentary ESG blog, sign up here: https://practicalesg.com/subscribe/ for daily updates delivered right to you.