Water Online

March 2013

Water Online the Magazine gives Water & Wastewater Engineers and end-users a venue to find project solutions and source valuable product information. We aim to educate the engineering and operations community on important issues and trends.

Issue link: http://wateronline.epubxp.com/i/110987

Contents of this Issue

Navigation

Page 23 of 38

Cybersecurity In the last year alone, the number of attacks against critical infrastructure reported to the Department of Homeland Security increased by 383%. How to prepare: Even after securing against known threats and vulnerabilities, utilities cannot rest on their laurels. Ongoing investment in security is needed to better prepare for not just today���s threats, but what may come tomorrow. Point products are not enough, as attackers are developing methods to evade conventional defenses. What���s necessary is a comprehensive security management strategy, which may also require outsourcing to experts. Security is not part of water expertise, and water devices were certainly not built with security in mind. Even for the experts, the fix is neither quick nor easy. Chris Blask, founder and CEO of ICS Cybersecurity, helps frame the task at hand, ���There are more than 18,000 water systems in the United States. If we as a nation decided today that cybersecurity is one of the most important things we can do, 1, 2, or 3 years is not long enough to get it done. Considering the risk context that water systems face ��� what it was 1 year ago, 5 years ago, and 10 years ago, and what it will be in 1 year, 5 years, and 10 years ��� it seems very clear that right now is the time to start addressing this. This is a process that not only will take a long time, but really has no end.��� Unknown Unknowns ��� Things We Don���t Know We Don���t Know Perhaps scariest of all are cyberattacks devised and delivered in a way that has yet to be imagined. By definition, it���s impossible to ready specific safeguards or remedies for the unknown unknowns, but you can nonetheless prepare emergency procedures. How to prepare: There are four acknowledged phases of emergency management. The first is mitigation ��� incorporating measures to reduce or eliminate future risk ��� which was largely addressed in the two previous risk segments. From 2009 to 2011, the U.S. Environmental Protection Agency (EPA) conducted collaborative, statelevel water sector emergency response exercises to address the remaining three phases: preparedness, response, and recovery. What follows are the ���lessons learned��� that were included in the 2012 report. ��� Plan and coordinate with response partners before an incident. Coordination before an incident occurs and during the incident response ensures that all water sector response partners in a state will have the situational awareness essential for appropriate response and resource management. ��� Be prepared to conduct damage assessments. Utilities are encouraged to complete pre-incident infrastructure assessments to expedite recovery and reimbursement for 24 wateronline.com ��� ��� ��� ��� repair or replacement of damaged infrastructure. Be prepared to request resources. Water utilities should become familiar with local and state procedures to properly request the necessary resources for returning to operation after a disaster-related service interruption. Plan for provision of alternative water supplies. Develop a plan to provide an alternate drinking water supply (e.g., bottled water, bulk water, wells, and temporary treatment and distribution systems) to customers in the event of prolonged service interruptions. Incorporate lessons learned into response plans. Utilities and their response partners should regularly review and update their emergency response plans (ERPs) and other related plans to include lessons learned from trainings, exercises, and actual responses. Conclusion The climate on cyber threats as they relate to critical infrastructure ��� the proliferation of incidents, the attention of Congress and the president, warnings from security experts ��� seems to indicate that we are on borrowed time. A cyberattack will happen, we are told. The federal government may offer a measure of help to combat it, but may also obstruct itself to the point of inconsequence. Mostly, utilities and security providers must help themselves ��� and each other ��� by getting up to speed on security protocol and by sharing vital information. Technology, like the people who wield it, can be both good and bad. As we anticipate the inevitable, the best defense is to stockpile the good to overcome the bad. ��� 1. Kim Zetter,���How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,��� Wired, July 11, 2011. 2. U.S. Environmental Protection Agency, Collaborative State-Level Water Sector Emergency Response Exercises 2009-2011: LESSONS LEARNED (Washington, D.C.: EPA 817-R-12-005, May 2012). Kevin Westerling is the editor of Water Online, the Internet���s premier source for water and wastewater solutions, in addition to the numerous forms of Water Online The Magazine. As such, he drives the editorial content for the website, the associated newsletters, and all magazine/e-zine publications. Kevin joined VertMarkets in 2006 and became Water Online���s editor in 2008. His education includes a bachelor���s degree in English Literature, a minor in Journalism, certification as a Web Content Developer, and, most significantly, realworld training on the beat for the ever-evolving water industry. Kevin can be reached in our Horsham, PA, office at 215.675.1800 x120 or kwesterling@vermarkets.com. Water Online The Magazine

Articles in this issue

Links on this page

Archives of this issue

view archives of Water Online - March 2013