Cybersecurity: Water Utility Security Part 2

Last month, we began an exploration of the risks posed to water utilities by lack of adequate cybersecurity. Now, it’s time to understand why organizations aren’t doing more to address these modern threats.

How Widespread Is Lack of Preparedness?

Very. According to a 2014 report by Unisys and Ponemon Institute (“Critical Infrastructure: Security Preparedness and Maturity”), more than two-thirds of utility and infrastructure agencies admit to having at least one incident of compromised security that led to data exposure or operational disruption. Yet fewer than one out of three of these organizations considered security one of their top 5 priorities. Less than 20% of companies interviewed were operating at a mature level of cyber security.

What’s Holding Utilities Back?

Most public agencies have, historically, been very slow to adopt new technology. There are several reasons:

  • High costs
  • Perceived risks
  • Practical and technical challenges

The last problem is one of the trickiest to resolve. Even systems that were once considered state-of-the art weren’t built with today’s digital world in mind. For example, it’s common for utility companies to run their technology infrastructure on very old or unpatched versions of Windows—the same O/S that was initially put in place when systems were first computerized.

Upgrading can’t be achieved simply by throwing money at the problem. Legacy modernization requires a great deal of preplanning and risk mitigation to avoid disruption of services. After all, the operation of utilities has physical, real-world consequences. A failed upgrade doesn’t just mean people complaining on message boards about a bug in a smartphone app. It can entail people living without water and sanitation.

The Wait and See Approach Remains the Norm

It’s no wonder that the time and cost involved in updating utility systems to make them more secure is often viewed as prohibitive. Cybersecurity as an unavoidable cost of maintaining a system can be a hard sell. The only upside to making a system secure is that it continues to function as customers expect. There’s no visible benefit to having better security as long as things are going well. Unfortunately, many agencies simply cross their fingers, hoping to avoid a catastrophic event. What should they be doing differently?

In Part 3 of this series, we’ll explore some of the ways water utilities can become more secure.

California Wastewater Employee Accidents: Part 2

Being in a hurry is a common cause of accidents in the wastewater industry. When an employee isn’t paying full attention to their surroundings, it’s easy to be caught off guard. That’s what happened in the following incidents.

Story #3: Slip and Slide

An employee was working in a centrifuge sludge rack. He was opening the left side of the split lid when the rope broke. Flustered, the worker quickly moved to the right side to open the other half of the lid so he could begin loading sludge. He slipped on the wet ground and fell hard enough to break his thigh bone at the hip. The employee spent several days in the hospital as a result of the injury and no doubt had a long recovery.

Takeaway: Wet floors are a common hazard at water and wastewater worksites. Employees should wear skid-resistant shoes and watch their step on the job. Supervisors should make it clear that getting the job done safely is more important than getting it done fast.

Story #4: Something’s Got to Give

An employee was standing on top of a narrow control cabinet and fastening a nylon sling and clevis around the housing of a blower motor filter so it could be moved by a forklift. Still standing on the cabinet, he indicated to the forklift operator to raise the load. The sudden tension on the strap caused it to give way with a loud POP! The employee was so startled that he lost his balance and fell over 7.5’ to the concrete floor below. He suffered a serious hip fracture from the fall.

Takeaway: This is a good example of why Cal/OSHA requires fall protection any time an employee will be working at heights of more than seven and a half feet. The employee should have followed proper fall prevention safety practices for working at this height. For example, he should have been using an approved ladder instead of balancing on top of a control panel. The forklift operator should also have waited to lift the housing until the employee returned to ground level and moved clear of the forklift.

Next time, we’ll look at the hazards heavy equipment pose at worksites in the wastewater industry. Stay tuned!