Cybersecurity for Water Utilities

by | Jul 7, 2014 | Control & Safety Systems, Industry, Water & Wastewater

Jim Cahill

Chief Blogger, Editor

SCADA-CybersecurityOne only has to do a Google News search on cybersecurity to know it is a key concern for businesses across the globe. In a Water Online article, SCADA Cybersecurity: What Every Water Utility Should Do Now To Prevent An Attack, Emerson’s Doug Johnson shares areas of concern and a path for water utilities to follow in their cybersecurity improvement efforts.

Doug notes that security threats are becoming more difficult to detect.

“Fifteen years ago, cybersecurity breaches of SCADA [supervisory control and data acquisition] systems were not that big of an issue because every SCADA manufacture used different technology. Now there is more similarity across the systems, more people are experts, and wireless technology and the Internet have given hackers the ability to connect with computers halfway around the world.”

Putting together a cybersecurity program takes much work. It starts with creating a comprehensive SCADA cybersecurity plan and by understanding to what the SCADA system is connected.

“Evaluate and manage the elements connected to your SCADA system on a regular basis,” said Johnson. “Things get added on all the time, and even just connecting a thumb drive can cause a huge security risk.”

Part of the planning process is to identify gaps and vulnerabilities. Next is to create a defense plan:

…that specifies exactly what to do if a new threat is identified…

AWWA-Security-GuideThe article’s author highlights several resources to assist in this planning process:

Cybersecurity issues can come from within a water utility:

“We think of security breaches as a bad guy with a truck full of explosives driving through the front gate, but security problems can also come from a disgruntled employee, an untrained employee, or a contractor that has access to the system. It can happen pretty close to home,” said Johnson.

As new employees replace those with years of experience, it is important to train them thoroughly on all SCADA security protocols, so that lack of knowledge doesn’t increase cyber threat risk.

Doug explains the importance of focused efforts and responsibility:

“The ones who do it best recognize that it is an ongoing effort, and it takes people making it a big part of their responsibly,” explained Johnson. “A water utility really needs someone whose job is to be responsible for cybersecurity, someone who understands that SCADA has its own security concerns.”

If there isn’t someone qualified or available at a utility to take responsibility for SCADA cybersecurity, utilities should consider turning to outside experts or consultants. More often SCADA security is becoming an outsourced job function, explained Johnson.

Emerson’s Power & Water Solutions team can help you in this process with a Cyber Security Assessment. Read the full article and visit the highlighted resources to advance your cybersecurity defenses and processes.

You can also connect and interact with other utilities professionals in the Water & Wastewater track of the Emerson Exchange 365 community.

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe for Updates

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to keep up to date on all the latest news, events and innovations to help you take on and solve your toughest challenges.

Want to re-purpose, reuse or translate content?

Please do, Just link back to the post and send us a quick note so we can share your work. Thanks!

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.