The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Open Secure Sustainability
Cyber security and sustainability go hand in hand in critical infrastructure operations. We must protect the automation that supports clean, efficient operation and we must also prevent evil-doers from weaponizing our resources. This month we look at the issues for the water industry.
August 26, 2021 | Robert Bergman
Cyber security contributes to environmental sustainability in at least two ways. Primarily they are protecting the automation systems and keeping the critical infrastructure operating routinely with maximum efficiency, cleanliness, and safety. But increasingly they are charged with preventing malcontents from exploiting our dependency on infrastructure to weaponize those systems. We’ll look at the water supply chain from the perspective of both objectives.
The Cybersecurity and Infrastructure Security Agency (CISA) estimates that there are approximately 153,000 public drinking water systems and more than 16,000 publicly owned wastewater treatment systems in the United States. More than 80 percent of the U.S. population receives potable water from these drinking water systems, and about 75 percent of the U.S. population has its sanitary sewerage treated by these wastewater systems.
Improving operational efficiency
As an example of how automation helps water producers deliver this volume of water cleanly, the city of Hot Springs, Arkansas has reduced water consumption and improved water quality by upgrading the controls on its automated backwash process. Where the flow rate of its six legacy filters varied wildly between 1,400 and more than 2,000 gallons per minute (gpm), the upgraded system kept flow at a consistent level, of just under 1,000 gpm. (More detail available here.)
In an open letter to President Biden on the state of the water industry, the American Water Works Association (AWWA) and a consortium of leading water agencies identified “environmental” protection as one of the four main reasons for the government to invest to support the water infrastructure, along with public health, firefighting, and economic growth.
Reducing cyber vulnerability
The CISA reports that the water and wastewater sector is vulnerable to a variety of attacks, including contamination with deadly agents; physical attacks, such as the release of toxic gaseous chemicals; and cyberattacks. The result of any variety of attacks could be large numbers of illnesses or casualties and/or a denial of service that would also impact public health and economic vitality. They say the sector is also vulnerable to natural disasters. Critical services, such as firefighting and healthcare (hospitals), and other dependent and interdependent sectors, such as energy, food, and agriculture, and, would suffer negative impacts from a denial of service in the water and wastewater sector.
The unsuccessful hacking attack at the Oldsmar, Florida water plant earlier this year demonstrates what potential harm can be done. In this case, it was an unsophisticated hacker that tried to instruct the plant’s automation system to boost the level of a treatment chemical — sodium hydroxide — to catastrophic levels. Fortunately, the system could not implement the command. But it does indicate the kind of havoc a more sophisticated hacker could wreak. And this was not the first attack on the water industry.
Reaching the pumps
In 2011, a group of hackers allegedly based in Russia, compromised the computer networks controlling drinking water infrastructure in an unnamed city in Illinois. They gained control of a pump used to distribute drinking water through a pipeline and switched one of the pump’s valves on and off so many times that the pump broke. They then made it known that they had also gained access to South Houston’s water supply system, which had been protected by only a three-letter password.
Hacking for data
In 2016 hackers accessed the backend of a network that controlled a drinking water treatment plant. Employees noticed weird behavior in the PLCs responsible for releasing treatment chemicals to the process. Verizon Solutions, which was managing some of the network, determined that hackers, allegedly with ties to Syria, were able to access the credit card and billing information of 2.5 million ratepayers. They apparently did not, however, try to do anything with the PLCs, but in today’s threat landscape, the threat to do so might have generated a ransomware payment.
The water industry is one of the four primary components of the critical infrastructure, with energy, transportation, and disaster response being the others. All have significant relevance to sustainability issues and a role in cyber security. See the related stories below for more info.
For more articles on open secure sustainability download: