The need to protect against cyber attacks has never been more important to the water sector. Now water engineers can gain the latest information about what needs to be done at a popular industry conference.

“The trend to new communication technologies has led the industry towards greater reliance on third-party solutions as opposed to in-house solutions. Use of the internet does make water utilities more vulnerable to cyber security breaches,” says Pearse Bradley, Head of Telemetry & Telecoms at Northern Ireland Water. Wise words indeed. Everyone, whether consumer or service provider, has seen a ‘digitisation’ of how utilities are managed over the past decade – and it’s clear that the threats are rising as fast as the conveniences.

Interconnectivity: both threat and solution?

Simon Hall, water sector lead at the National Cyber Security Centre, believes that the threat actors and vulnerabilities are common to many industries. However, it is the geographical distribution of water supply, including to remote locations, that poses specific challenges.

“Old operational technology solutions have been local in nature, and not interconnected,” he says. “The newer systems that are now being deployed are much more interconnected to provide greater efficiency, flexibility and ease of use. The providers need to ensure that security is built in to these new (largely IP based) systems from the start.”

Charles Williams, Strategic Business Director at engineering design consultancy Sweco, thinks that this interconnectivity could also provide the solution:

“The water industry has a wide area network of interconnected sites covering the whole country,” he explains. “Each of these is connected back to a central master station system in each of the water companies to provide centralised monitoring, and consequently there are many potential routes available for cyber attacks.

“Currently, there is a great deal of work being carried out to protect the operational technology infrastructure, including the use of communication protocols such as WITS DNP3 that utilise secure authentication to minimise the risk of attack through this route.”

Bradley agrees: “While greater bandwidth may be achieved through communication methods such as GPRS and 4G, there is an increased risk to utilities as there is greater reliance on the internet as the transport mechanism. However, utilities engaged in this area are ‘hardening’ their infrastructure to try and prevent, and mitigate, any such breaches.”

An opportunity for the industry to learn more

Practical cyber security solutions for the industry is just one of the topics that Williams, Bradley, Hall and many others will be discussing on 26 and 27 April, at the Institution of Engineering and Technology’s (IET) Water: Operational Technology and Data conference. Regarded in the industry as the foremost UK conference for water engineers, the two days will cover the key technical developments that the industry needs to look out for over the coming 12 months.

With many water industry events out there, it’s clear that the IET conference is a meeting like no other. Charles Williams explains: “The things that differentiate this conference from the rest are the fact that it is aimed at the operational technology infrastructure, and the associated real-time data and information it provides to improve the operational efficiency and customer service of the business as a whole.”

Water: Operational Technology and Data takes place in Warwickshire on 26-27 April 2017. For more information, visit: www.theiet.org/water