OT for Resilience and Resilience for OT

The recent hacking incident at the Florida water utility brings the concept of resilience to the forefront, but it had already been receiving serious attention. On February 23, several hundred water industry professionals attended the first in a series of workshops that address broader issues of resiliency. And well before that, the U.S. Congress passed the America’s Water Infrastructure Act of 2018, which requires water systems serving communities with populations greater than 3300 to file a Risk and Resiliency plan by June 30, 2021.  The plan must assess the following aspects of their water supply systems:

1. Risk from both malevolent acts and natural hazards
2. The resilience of the system’s pipes and constructed conveyances, physical barriers, source water, water collection and intake, pretreatment, treatment, storage and distribution facilities, electronic, computer, or other automated systems (including the security of such systems) which are utilized by the system
3. The monitoring practices
4. The financial infrastructure
5. The use, storage, or handling of various chemicals
6. The operation and maintenance

OT for Resilience

The need for communities to assess their operation technology (OT) is called out specifically in point 2 above, which mentions treatment and automation systems. OT is also very important to the “monitoring” called out in point 3 and to “operation and maintenance” called out in 6.  A recent report titled “Improving Resilience in Water and Wastewater”, from industrial data platform vendor OSIsoft, describes how OT enables resilience through automation, remote monitoring, and data-driven action, including the following:

• New industrial Internet of Things (IIoT) sensors and solutions that provide process monitoring in real-time with operational visibility across critical operating parameters such as flows, pressures, water quality, and potential upsets, from anywhere
• Equipment monitoring and performance analysis that can inform decisions about which components such as spare pumps, seals, or other parts should be stocked on-site if a crisis prevents timely supply chain access
• Improved management of peak demand scenarios and system capacity issues, through analysis of data which would not be evident without work from home orders

The OSIsoft report cites that in all such examples the key enabler is “secure, reliable, accessible, and flexible digitization of real-time operations – a digital twin …” They also stress that “operational resilience is within reach for any organization, regardless of size or internal skills.”

Resilience for OT

It is fitting that the above lists of key enablers begins with “secure.” In these days of underfunded operations, bringing OT automation, remote monitoring, and data-driven action “within reach of any organization,” requires the exploitation of open standards and COTS technologies. But with “openness” comes cyber-vulnerability and that must be addressed. The good news is that advanced cyber security itself is within reach as well. Here is a checklist for security consideration that would give your OT the resilience it needs to protect all operations:

• For any new automation investment in PLCs, RTUs, DCS, power supplies and other OT, consider solutions with cyber security built-in. These shouldn’t cost more than unsecure technology and could save you thousands on protection that otherwise has to be added after the fact and even then, it is not as effective.
• Legacy equipment can be secured inexpensively through proxy servers with built-in security while you are transitioning to newer OT to handle increased connectivity and data handling.
• All-metal, anti-tamper enclosures would make it impossible to physically access electronics without destroying the functionality.
• Controls should be also able to withstand the following cyber-physical challenges:
  • Extreme Electrical Fast Transients from process anomalies and lightning
  • EMP attacks
  • Temperature operating range between -40 C to + 80C (-40 F to + 176 F)
• Advanced multi-core computing performance and extended RAM and ROM memories.
• And ideally, your OT should be made in America with a supply chain immune to malware and other cyber attack vectors.

So, as you further develop strategies to reduce risk and instill the resilience you define in your plan, keep OT in mind as a key enabler. For more about what Bedrock Automation is doing to secure and improve water operations, download our free case histories here.