Adopting emerging technologies for the management of water facilities is a priority supported by both financing and partnerships, and part of the financial resource earmarked for a project must also go to cybersecurity, deputy director of the National Cybersecurity Directorate (DNSC) Stelian Cristea said on Wednesday at a workshop on cybersecurity in the Romanian water industry organised as part of the Danube-Eastern Europe Regional Water Forum.
"Adopting emerging technologies for water facility management is a priority supported by both funding and partnerships. Then, I saw the concern for the staff, for people with skills specific to the field, and also specific to the digital field and cybersecurity (...) What I would emphasise in these lines of effort that you have opened is the fact that, if we are talking about programmes for the modernisation of water management facilities, then cybersecurity must be included. A portion of the financial resource earmarked for the larger project or projects must be allocated to cybersecurity. We notice that the cyber threat, when we talk about resilience for services for the population and even the security of companies, in extenso, is one of the most significant lines of action for business success. It should not be forgotten for a second that these developments also bring greater exposure in cyberspace and therefore, even more, cybersecurity measures are imposed," Cristea said, Agerpres reports.
According to the DNSC specialist, at present, cyber attackers look for vulnerabilities in systems in large areas, without focusing on a certain segment.
"We have seen that cyber attackers or the interest in exploiting security breaches is no longer even focused on one area. Now, because technology allows, cyber attackers use relatively easy-to-learn and exploitable tools to look for vulnerabilities over a wide range or look for vulnerabilities across large domains and continuous domains. It doesn't matter what an organisation or a field is following or not, but simply, with mass scans, they identify vulnerabilities and attack there. This has been the case in many water management systems, not necessarily in our country, but in the region and even in the United States. There are multiple examples of this type of malicious activity."
The official also mentioned that the NIS2 Directive should be appreciated for the effects of its application in organisations rather than for the high costs of implementation.
"In the context of our activity today, related to water management, I would also mention Emergency Ordinance 155 which transposes the European Directive NIS2 into national legislation and which tries to consolidate or bring to a common level, a minimum level of cybersecurity, all the networks that provide services to the population, to society. Perhaps the implementation of NIS2 is apparently expensive, but the effects will be seen over time. It is not only the cost of implementation that must be assessed, but also the effects it can have on the resilience of water supply organisations and on the resilience of the networks that support the supply of water to the population (...) We can finally develop together a document with the main risks in the field of drinking water, with a prioritisation of them and then, based on such document - made on the basis of the ISO 27001 standard - we will also be able to identify and prioritise those risks, and you can then prioritise the measures you can implement, in order to progressively raise the level of protection of the networks that support the delivery of drinking water," Cristea explained.
The Romanian Water Association (ARA) organised, June 23-25, at the Romexpo Exhibition Centre in Bucharest, the 25th edition of the Danube-Eastern Europe Regional Water Forum, as well as the ExpoApa international specialist exhibition.
Comentează