RYE, NEW YORK, IS a quaint and quiet affluent community in Westchester County. The town is understated and unassuming. It’s more notable aspects, in fact, are a pair of historic landmarks: the childhood home of founding father John Jay and a couple of 200-year old mile markers on Boston Post Road, America’s oldest thoroughfare.
While the town hardly seems a likely target for cyberattack, during three weeks in September 2013, its computer network was exposed. An Iranian hacker with ties to international spy agencies broke into the system that operates nearby Bowman Dam. Small town America was under siege.
The US Department of Homeland Security determined that, by tapping into the supervisory control and data acquisition system, the hacker accessed information about water levels and temperatures, as well as the status of the sluice gate controlling water flow. He was not able to operate the gate from Iran because the gate’s control system had been disconnected for maintenance.
As Brett Walton reported in a 2016 Circle of Blue article (http://bit.ly/25NY9mh), cybersecurity experts consider the Bowman Dam incident “a read” since the culprit sought only information about the operating system rather than commandeering controls. While no damage resulted from the security breach, it raised concerns for water utilities across the country.
Computer systems and the industrial control networks that operate pumps, disinfect water, and guide critical functions of wastewater and drinking water systems, are vulnerable to cybercrime. And because water, energy, and public health systems are mutually dependent, the greater concern is that by disabling pieces of our interconnected infrastructure, a single intrusion could incapacitate entire service areas with devastating results.
At the core of this issue, according to experts, is the convergence of two systems that at one time were separate: information technology and operational technology. While the interconnection of operations systems to the internet saves time, labor, and cost, it also exposes them to cybercrime.
Cybersecurity is a moving target, and one that requires continual pursuit. If water systems are going to avoid the digital hazards of the 21st century, they will require heightened awareness and new tools, specifically technology to deflect attackers and increased training. Well-informed is well-armed.
In this issue of Water Efficiency, we explore the value of data and the importance of protecting it. Our cover story, “Strength and Security” addresses the topic of cybersecurity for water utilities by way of in-depth interviews with water professionals on the front lines. “Someone will find a way to get in,” explains American Water CEO Susan Story. “How will you handle it when that happens?” We outline practical strategies on both the operations and information technology sides, that water utilities nationwide are employing in an effort to prevent security breaches.
There are an estimated 151,000 public water systems in the US, from large metropolitan networks that serve millions to community service districts that serve hundreds. Each will need to fortify its informational and operational technology in order to strengthen its systems against cybercrime. Our national security and public safety depend on it.
In “Water Demand Management” we look at data and water security from a slightly different vantage point. We ask: How do utilities predict the amount of water consumers will need? The answer, of course, is with accurate data. Plotted with usage patterns, AMI data, weather coordinates, and usage information helps determine demand peaks and adjust system settings accordingly. Data enables informed decision-making.
To continue our exploration of analytics providing insight, we look at leak detection tools that pinpoint water loss. In “On the Pulse” we learn about three utilities that have addressed problematic water loss with smart meters and acoustic and ultrasonic sensors. Each case demonstrates that accurate data is the most effective tool in helping utilities identify the pipes that are causing water loss so that they may prioritize repairs.
Data and the awareness of patterns also offers risk management and long-range planning for communities affected by rising sea levels. In “Sea Rise: Adapting with a Glass-Half-Full Approach” (pg. 38) we observe the benefits of proactive, well-informed planning to mitigate the effects of global sea rise. This includes adaptation strategies that address impacts and increase the resilience of infrastructures.
As is clear throughout each story of this issue, data management and protection is an increasingly urgent topic for the water industry to address. Today, we are gathering more data than ever before, and we’re using it to solve an ever-increasing number of problems. For issues such as mitigating non-revenue water loss and supporting asset management, adapting infrastructure for the future, and combating cybercrime, information is, in fact, our only armor.