Schneider Electric Water & Wastewater Webinar
October 27, 2020
By Sarah Pickard
Episode 2 of Schneider’s hour-long webinars—this one focusing on The Importance of Industrial Cybersecurity for Water & Wastewater Works & Networks, commenced without a hitch over Cisco. The panel’s speakers included moderator Keren Verch, Andrew Nix, Sean Bouchard, Martin Caspar, Laurence Stan, Mike Mulligan, and Marayan Dada.
While the importance of cybersecurity cannot be understated in the IoT age, much of the conversation focuses around data security in the financial, military, and private sectors. However, as our panelists were quick to stress, the vulnerability of our water and wastewater systems shouldn’t be overlooked. Martin Caspar, Technical Services Director at Veolia Water Solutions & Technologies North America, certainly hasn’t. It’s important, Caspar states, to identify risk as soon as possible. That’s why they’ve employed smart sensors at major events like the London Olympics to quickly detect chemical and biological contaminations before widespread disaster can take place. But, these sensors are only as good as the data they collect, and data that has been corrupted by cyberattacks can generate a threat to human life in terms of response time and emergency services intervention, which is why it is essential to keep data secure.
As Mike Mulligan pointed out, the losses caused by cyberattacks to a population’s water and wastewater systems can add up quickly in terms of health, both for the locals, and the environment. Many plants are remote, and unsecure communication systems are a current reality of the system, either because of spotty or nonexistent cell service, or lack of cables. These remote access points are a risk. As Mulligan stressed, “Security through obscurity only gets you so far.” He recommends that sites investigate replacing outdated phone lines with secure wireless connections and adding encryption before disaster, not after. And when it comes to access in a system, it’s best to start from a position of completely locked down and open access as needed, instead of beginning wide open and closing as you go.
Andrew Nix, Schneider’s own Operational Cybersecurity Consultant, explains that most cyberattacks aren’t targeted to a specific facility. Instead, these viruses look for blanket vulnerability and infect whatever they can find, lurking for days and weeks while it infects systems. By the time the problem is discovered, these viruses can cause major damage. He recommends facilities develop and practice a recovery plan, the same way you would for a natural disaster or a fire drill.
However, even once security has been increased, Laurence Stan reminds us that 99% of problems occur due to human error. By establishing a good policy of change to regulate and moderate any code updates or changes to the system, he is confident that 95% of your headaches will be reduced.