Monday, July 23, 2012

Cyber Security: AWWA - Water Treatment - Update

AWWA ACE12 — Dallas, TX June 10-13, 2012

The AWWA annual conference for 2012 has come and gone.  It was a great conference in many respects this year:  It was held in my home state of Texas, it was the first year we had a cyber security presence in our booth, I participated in my first standards committee meeting as a voting member, and we started reviewing the ANSI/AWWA G430 “Security Practices for Operation and Management” standard. 

Cyber security and water are two words I would have never thought would appear in the same sentence, given my background in process controls and the many times I’ve been at some remote well site with nothing but a chain-link fence and a padlock between me and the PLC (which I could access wirelessly) that operated the site. Then, on that fateful day of September 11, 2001, everything changed. Homeland Security Presidential Directive-7 identified the “Critical Infrastructure and key resources which provide the essential services that underpin American society.” One of the eighteen was drinking water and wastewater treatment systems. In response, the Water Sector Coordinating Council Cyber Security Working Group (sponsored by American Water Works Association and the Department of Homeland Security) released the “Roadmap to Secure Control Systems in the Water Sector” in March 2008. This document captured many findings and recommendations and is one of the driving factors behind the development of the ANSI/AWWA G430 standard. In my opinion, we are still in the phase of educating the industry about cyber security, its value, and the potential consequences of ignoring it.

As late as last year (coincidentally over the September 11th weekend) at the 2011 Water Security and Emergency Preparedness Conference in Nashville, TN, I saw hardly any cyber security representation. Security was still identified as fences, locks, cameras, contamination monitoring—anything to physically keep the bad guys out. There was little attention paid to that PLC behind the fence that was now directly accessible from the internet. I’m glad to say that I think things are definitely changing. I’ve had several opportunities to speak at regional AWWA/WEF events about cyber security and I managed to volunteer for the standards committee. Enquiries from water and wastewater clients increasingly concern cyber security. This year is looking bright; we just finished up the AWWA annual conference, the standard draft is making its rounds, I’ve had conversations with high-level members of AWWA saying that cyber security is a major initiative, and I’m on the schedule to present “Best Practices in SCADA Cyber Security” at the 2012 Water Security and Emergency Preparedness Conference.

I look forward to seeing all of you in St. Louis, MO September 9-12, 2012.



Michael Martinez
Principal, Critical Infrastructure & Security Practice
Invensys


2 comments:

  1. I truly like reading your post. Thank you so much for taking the time to share such nice information.
    cj4water
