Cybercrime has increased in volume and sophistication during the pandemic, with the Australian Cyber Security Centre (ACSC) revealing in its annual threat report for 2020-21 that it had received 67,500 cybercrime reports.
That was up by 13 per cent from the previous year with losses exceeding $33 billion. ACSC reported that a quarter of cyber security incidents were associated with critical infrastructure and essential services. One area that is critical for continuity of supply is the secure operation of Australia’s water and wastewater infrastructure.
While the details of the processes between fresh water supply and wastewater disposal differ significantly, the architecture of the automation and control system, as well as the respective communication and control mechanisms, are almost identical, particularly regarding safety.
The increased digitalisation of industrial automation and control systems (IACS) has the potential to significantly increase operational efficiencies while decreasing costs. However, with increased amounts of data comes the significant downside of increased vulnerability to cyber attacks, which need to be mitigated.
Defense-in-depth
A Siemens whitepaper, Cybersecurity: Defense-in-Depth Concept for Water and Wastewater Industry, highlights that increased digitalisation calls for a fundamental rethinking of information and operational security, and access protection – as well as the entire process of defining and implementing industrial security concepts.
Never has it been so important for vendors, solution providers and operators of control systems to face the security threats they pose.
Critical infrastructure facilities require special IT and OT security solutions that ensure uninterrupted plant availability, real-time capability of critical IACS functions, and constantly updated protection and security controls against security threats.
In this regard, it is advisable to implement the so-called Defense-in-Depth concept, underpinned by IEC 62443 and provided by Siemens as a leading IACS vendor and IACS solution and service provider.
Defense-in-Depth is composed of multi-layered security controls and measures such as plant security, network security and system integrity elements, which build the foundation for the industrial security concept, from the interface to management and administration systems via the operations level to the field level.
If the appropriate controls are used, the security of water and wastewater plants and networks can be continuously monitored in near-real-time, and attacks can be detected and prevented.
System access and communication are analysed and documented so that companies can fulfill their obligation to identify and report environmental and security-related incidents in alignment with regulatory compliance.
A holistic security concept
Both organisational and technical measures must be carefully coordinated. A holistic security concept relies on people, processes and technology working in synergy to achieve the necessary level of protection.
The IEC 62443 standards address all parties involved – IACS vendors, solution and service providers, and operating companies. They define responsibilities and relevant organisational interfaces, and they provide a framework for defining, implementing, documenting, testing and maintaining organisational and technical measures against intentional and unintentional security incidents.
Siemens – as a vendor and single-source supplier of industrial automation and control systems – is well positioned to support system integrators and operating companies in coping with these increasingly demanding challenges.
Risks can be successfully minimised by taking security requirements and measures into account during the architecture, design, development and operation phase, and by implementing a holistic and adaptive security concept.
This Sponsored Editorial is brought to you by Siemens. For more information, please visit www.siemens.com.au