The Ontario Clean Water Agency (OCWA) has released a statement on cybersecurity, calling on municipalities to put best practices in place to protect sensitive data from digital attacks.
Consistent with Water Canada’s coverage of the issue, most recently in the feature Evaluating Digital Risk in a World of Cyber Threats, OCWA internal protocols and staffing structures are vital in protecting data. Equally important is making sure staff is educated on key vulnerabilities.
OCWA’s statement follows in full:
Cyberattacks are on the rise globally— and no individual or organization is immune.
A number of Ontario municipalities have fallen victim to these attacks and been locked out of their systems—with hackers demanding a “ransom” to unlock them. Fortunately, vital services such as fire, water and waste-management services were not affected as a result.
If vital services are successfully compromised in an attack, the consequences can be very serious: operational downtime, financial losses, and threats to public health and safety.
As an operator of more than 800 water and wastewater systems across Ontario, OCWA is a leader in the adoption of cutting-edge technology to ensure the safety of our own data and the data of our clients. We have a cyber security management system—developed by industry experts—that detects and protects against threats to the network infrastructure, applications servers and data storage.
Protection of Client Data Top Concern
“The protection of client and OCWA data is my top concern,” said Sav Chawla, VP of Information & Information Technology at OCWA. “We are continually reviewing, enhancing and adapting our cybersecurity measures to ensure that your water and wastewater services are protected.”
OCWA follows industry best practices and additional procedures as required of a Crown Agency, including:
- Certified IT personnel dedicated to strengthening the security and resilience of our network infrastructure and protecting your data.
- Multiple layers of defense and proactive security controls to thwart, mitigate, and effectively respond to evolving cyber threats.
- OCWA’s internal quarterly risk management reviews.
- A cycle of continuous improvement, application patching and upgrades, and annual security awareness education and training for our staff.
- We follow the National Institute of Standards and Technology Cyber Security Framework and also receive regular notifications from many expert sources, including the Canadian Centre for Cyber Security.
To learn more about how OCWA is protecting your data from a potential cyberattack, please contact your local Business Development Manager or email [email protected].
Protecting your municipality from Cybercrime
Sav Chawla, OCWA’s VP of I&IT, recommends that municipalities hire a cybersecurity specialist to assess the vulnerabilities of your internet-connected systems and help you to implement a tailored cybersecurity program. She says any program should include the following measures:
- Establish detailed and thorough policies pertaining to Internet use. Implement best practices for user behavior; for example, using strong passwords, identifying and reporting suspicious links.
- Maintain multiple timely and complete backups of your critical systems and data.
- Whatever is connected to your network is at risk in a cyberattack. Have a separate off-site, encrypted and disconnected backup.
- Regularly test your backups and practice restoring your system from those backups.
Visit the Canadian Centre for Cyber Security for more tips and information on current trends.