search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
| Spotlight


their expectations. For example, in the US, digital dam operators need to consider that the programmes and protective measures they use fall in line with the EPA (Environmental Protection Agency), and the FEMA (Federal Emergency Management Agency). However, any digital dam operator must also consider the data they handle and whether or not they are doing enough in line with information regulatory recommendations. For example, when setting up a cybersecurity plan, dam operators in California must ensure that any private data handled and processed is protected through guidelines suggested by the CCPA, the California Consumer Privacy Act. The CCPA can impose penalties and administrative fines if companies violate their standards – and such penalties became more expensive at the start of 2025 [3]. Extensive compliance fines can not only cause financial headaches for businesses, but public announcements of penalties can cause harm to public trust. Therefore, digital dam operators must consider a


careful balance between protecting data and public safety and maintaining a robust security posture for years to come.


What the industry can do Given the highly sensitive nature of digital dams and


the data that water companies handle and process, it’s wise for hydro operators to secure their systems and data storage with multi-factor access controls. This might include adding biometric scanning to access certain databases and tools, or simply requiring users to confirm access through separate devices before they can log in. Microsoft estimates that almost 100% of all accounts compromised through password attacks don’t have multi-factor protection in place [4]. Operators must also consider segmenting their


systems and resources to mitigate the spread of malware and hacker access. This can involve setting up different servers and hardware that stand alone


– preventing bad actors from accessing an entire network just by breaking into one device. It’s also recommended that dam operators work closely with cybersecurity professionals to scan for and assess security vulnerabilities on a regular basis. Penetration testing, for example, allows dam operators to see what hackers could access and what they could do once inside – giving them clear direction on how to tighten up their systems. Firms don’t even have to hire people in-house


to manage their cybersecurity – in fact, increasing numbers of companies are relying on outsourced external MSPs to handle technical matters [5]. Ultimately, hydropower operators should invest in their people – training dam employees can help to prevent human error, which can frequently allow hackers to gain access to systems through phishing and confidence tricks. Of course, frequently updating system hardware and software protocols will also help to protect digital dams from allowing hackers in – as will setting up and maintaining enterprise-level firewalls.


A call to action There are multiple options that dam operators can and


should follow to prevent cyber-attacks from locking down systems and leaking data. The best first step is to consult with a cybersecurity team that can help to draft and lay out a workable plan to keep systems operational and safe.


And the time is now for dam operators and policymakers to make cybersecurity a priority. With businesses globally losing trillions of dollars through data loss, reputational damage, and downtime as a result of cyber-attacks, the industry simply cannot take measures too seriously. And as cyber-attacks evolve, thanks to the emergence of AI and machine learning, too, it makes more sense than ever for hydro operators to work with cybersecurity experts to tighten up their security postures.


References


1] https://www.vikingcloud.com/ blog/cybersecurity-statistics


2] https://statescoop.com/ epa-critical-cybersecurity- vulnerabilities-water-utilities-2024/


3] https://cppa.ca.gov/


announcements/2024/20241217. html


[4] https://www.microsoft. com/en-us/security/


blog/2023/01/26/2023-identity- security-trends-and-solutions- from-microsoft/


5] https://www. outsourceaccelerator.com/ articles/9-out-of-10-firms-are- relying-more-on-external- managed-service-providers-due- to-tech-hiring-challenges/


www.waterpowermagazine.com | June 2025 | 11


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45