Cyber Security for Water and Wastewater Facilities

At the Water Environment Federation‘s upcoming Technical Exhibition and Conference (WEFTEC 2011), October 15-19 in Los Angeles, Emerson’s Doug Johnson will share his thoughts on water and wastewater infrastructure funding, master automation planning, energy optimization, and cyber security.

Doug will present during the 2011 MCAA [Measurement Control and Automation Association] Industry breakfast at WEFTEC on October 18th.

Water security is a critical topic for water and wastewater facilities. It impacts nearly every part of our society from where we live to our health and wellbeing. Unfortunately, these facilities are targets for cyber attacks. Doug will note that these cyber attacks have already occurred at water and wastewater facilities. I did a quick Google search and saw one example in a post, SCADA Report: Incidents Continue to Grow on the ISS Source blog.

The consequences from these cyber attacks can be severe. Some of these include:

  • Contaminated / poisoned drinking water
  • Interruption of water services
  • Release of chlorine and other dangerous chemicals
  • Raw sewage contamination of rivers and lakes
  • Reduced firefighting capability
  • Hospital and school closures
  • Evacuations of housing for the elderly
  • Government and business interruptions
  • Flooding and other destruction from dams and reservoirs

There is no magic solution to prevent cyber attacks. In an earlier post, Cyber Security Critical Infrastructure Protection Compliance, I highlighted standards specific for electrical power producers in North America. Many of the standards developed serve as best practices for protecting critical infrastructure in other industries including water and wastewater facilities.

Much like process safety programs, a cyber security program requires an ongoing process, which includes technologies, work practices, training, and visibility of the importance of the program from high levels within these organizations.

Doug will share some ways security layers of protection have been added into Ovation control systems, which are found in many water and wastewater facilities. These layers of security measures are organized in the Ovation Security Center security management functions. Some of these functions, referenced in the Ovation System Security document, include user and role management, anti-virus protection, physical workstation hardening and lockdown, firewalls, vulnerability scan and patch management, malware prevention and intrusion detection, and security incident and event management (SIEM).

If you’ll be out at WEFTEC, make sure to sign up for the MCAA breakfast and bring your cyber security-related questions for Doug.

MP3 | iTunes

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

5 comments

  1. You might find increased interest by marketing security features as system integrity monitoring features.  This could improve availability simply by making everyone more aware of the traffic and

  2. Dear Jim,

    Thank you for this useful information – prior to 9-11, who would have thought the water and wastewater systems might be the targets of violent attacks?

    Where can one find info on Doug’s presentation?

    Kind regards,
    Claudius Jaeger, Jaeger Aeration

Leave a Reply