Report finds leaks in Halifax Water cybersecurity programs

Report finds leaks in Halifax Water cybersecurity programs

An audit of Halifax Water by the Halifax Regional Municipality’s auditor normal has discovered deficiencies within the utility’s cybersecurity, together with workers clicking hyperlinks in emails.

As a part of the audit, an e mail purporting to be from a official supply with a hyperlink, often called a phishing e mail, was despatched to 55 workers of the utility to check their consciousness of safety protocols.

In keeping with the report, 45 workers clicked a hyperlink within the e mail and offered their credentials. Three others clicked the hyperlink however didn’t submit their credentials.

Auditor Common Evangeline Colman-Sadd’s audit checked out supervisory management and information acquisition (SCADA) programs and made 21 suggestions for bettering safety. 

The report stated if safety is compromised it might have an effect on management of the system and the availability and high quality of water.

The logo of Halifax Water on a bill is seen through a glass of water.
Halifax Regional Municipality’s auditor normal issued 21 suggestions. (Jonathan Villeneuve/Radio-Canada)

The utility has agreed to all the suggestions for strengthening safety included within the report. The audit was undertaken from January 2020 to November 2022.

Weaknesses recognized in the report embody an absence of adherence to insurance policies, inadequate controls on bodily entry to the plant and workplaces, and no course of to handle stock of spare components.

“Halifax Water has not offered enough oversight of its operational expertise (SCADA system) safety dangers,” Colman-Sadd stated in an e mail accompanying the discharge of the report. 

“The audit discovered gaps in inner insurance policies and procedures, and casual procedures meant to scale back dangers for the safety and availability of the SCADA system.”

Photo of Evangeline Colman-Sadd  at a microphone
Evangeline Colman-Sadd is HRM’s auditor normal. (Robert Quick/CBC)

The report stated suggestions to Halifax Water from a safety marketing consultant between 2016 and 2019 haven’t been put in force.

No specifics

In a response to the report, Halifax Water stated it accepted the findings however did not present specifics of its response plan.

“We frequently work to safeguard our infrastructure and data expertise programs, however there may be all the time room for enchancment,” Louis de Montbrun, Halifax Water’s appearing normal supervisor and CEO, stated in a information launch.

De Montbrun stated some work has already been achieved to enhance their programs and the utility would deal with the remainder in “a financially and operationally prudent method.”

The audit included operational and monitoring programs however didn’t embody programs managed by the data companies part of the utility.