Dr Alex Baxendale

Dr Alex Baxendale

Vice President Consulting Expert

UK water companies are realising that one of the biggest threats they face today are state-controlled cyber-attacks designed to shut down key national infrastructure.

The vulnerability of water supply and treatment has been highlighted in a number of recent attacks in the US, including an attempt to poison drinking water by hijacking a water treatment control system in Florida and a similar attack on a treatment plant in San Francisco. Every day, UK water companies are being targeted; are their defences ready?

UK water companies now have to work out how to leverage the UK Government’s recent National Cyber Security Strategy 2022 to detect, disrupt and deter cyber adversaries. In our experience, it will be critical to take a whole business view on how best to balance strong defences with the ability to harness the latest digital innovations and connected technologies.

Two elements will be fundamental to cyber security success:

1. Realising that cyber has no boundaries

Effective cyber security runs through every aspect of the business, and it is there to facilitate and drive business change and improvement by enabling confidence and trust. It is not a silo staffed by experts who want to hold back innovation, and it should not be considered after the fact, because retrofitting is risky, more expensive and time consuming.

Organisations need to realise increasing interconnectivity of assets and systems makes embedding cyber security ever more important. Every touch point must be included in cyber security plans, from pipe infrastructure and software-based treatment systems to mobile devices and large servers, and from physical OT equipment to cloud enabled IT and IOT integration. 

This can involve driving a shift in attitude, so that the whole organisation sees cyber security as a means to empower business. Leading organisations see cyber security and innovation as intwined factors. Developing one alongside the other means water companies will be able to boldly exploit a surge in data, artificial intelligence and machine learning, confident that the service is secured.

It is also a whole life activity, with a focus on understanding and managing risk, protecting the business and operating with confidence - as reflected in the objectives laid down in the National Cyber Security Centre’s Cyber Assessment Framework. In an ever more agile world, this cycle is continuous and frequent with ongoing measurement, feedback and response.

 2. Building strong, effective relationships

On the surface, robust cyber security for water companies depends upon forging partnerships that bring in expertise in protecting critical national infrastructure. However, we believe organisations should be looking for more from their partners. The right partner will share the water company’s ethos, will understand the critical nature of the business, and will focus on delivering budgetary value rather than technology for technology’s sake.

Cyber security programmes introduced in partnership are more likely to have longevity, pushing continuity throughout the business. A good partnership drives a longer-term viewpoint, and this builds trust that the partner is invested in building the future success of the water company with ‘skin in the game’. This approach allows us to do our best work.

Partnering for a secure water industry

We have a strong track record in partnering with the UK water industry, both at a central market level and with individual operating companies. Our ethos is to bring all the benefits of our international organisation to a local level, with a local touch. That is why you will find us working close to our customers, channelling our expertise in compliance with regulations and governance to achieve optimum outcomes.

We are fully across the National Cyber Security Strategy, its implications and its potential, ready to leverage our global expertise to deliver for UK water companies.

Find out more about our full range of cyber security services, based entirely within the UK, here.

About this author

Dr Alex Baxendale

Dr Alex Baxendale

Vice President Consulting Expert

Alex re-joined the CGI Cyber Security Practice in 2006, with a particular focus on security architecture and design but also security governance. Alex has delivered security services across a broad range of industry segments within his career but has, for the past nine years, been ...