Cybersecurity very weak at critical Dutch water management sites

Water locks and pumping stations in the Netherlands are in danger of being hacked due to inadequate computer hardware and software, according to an investigation published by the Telegraaf. Security software is updated just about every five years, a sign of poor maintenance, and the computer systems that control the water operations date back as far as the mid-1980s, the newspaper said.

"Locks and pumping stations can always be operated manually. You can never be totally safe, you never know what might happen," a spokesperson for the association of local water boards told the paper. Security is a top priority, but manual operation is always available in case the automated systems are hacked, the spokesperson added.

Business association Evofenedex called noted the urgency of maintaining critical infrastructure for the transportation of goods. "The hacking of a sea container terminal earlier this year at the Port of Rotterdam shows that importance. That hack cost Dutch businesses tens of millions of euros from delays and product damages," an Evofenedex spokesman said.

Software and hardware updates are a key method of thwarting hackers searching for known vulnerabilities. By hacking a water lock or a pump, a hacker could control the gates that determine if water is blocked or released.

The newspaper also raised issue with the poor choice of passwords used to access remote operations of sewage pumps and locks.