Securing Critical Control Systems in the Water Sector – Where Do I Begin?

Public health and safety are dependent on the availability and reliability of water systems. Cyber attacks on information technology (IT) networks are well known, but attacks on the control systems used to monitor and control plant processes are increasing in frequency and in their potential threat to public safety. The highly sophisticated Stuxnet worm discovered in 2010 was the first publicly known malware to specifically target industrial control systems. Stuxnet is proof that potential threats to critical infrastructure can no longer be ignored.IT professionals are responsible for ensuring the availability and security of enterprise networks. However, protecting an IT network from a cyber attack can be very different from protecting an industrial control system. As a result, plant engineering and operations will need to take an active role in developing a security plan protecting critical control systems to minimize the potentially adverse impact of a cyber event on public health and safety. For many, the greatest challenge in developing a security plan is knowing where to begin.The paper, Securing Critical Control Systems in the Water Sector – Where Do I Begin? will review existing and emerging threats to critical infrastructure and the potential impact of cyber events on water systems. An overview will be provided of industry standards, guidelines and recommendations, and other available resources to aid in the development of a utility security plan essential for protecting critical assets