In today’s ever-evolving digital landscape, successful and trustworthy companies need to be at the forefront of cyber security whilst allowing innovation. Sydney Water’s key to successful protection of its assets, safe delivery of water services, and providing trustworthy outcomes for employees and customers is guided by three digital pillars; mission-critical services, digital convergence and resilience-ready.
Speaking at OzWater 2021, Sydney Water’s General Manager Digital, Dominic Hatfield, highlighted Sydney Water’s long-term plan to maintain security and defend against cyber threats, while continuing its relentless pursuit of digital transformation, innovation and growth.
Mr Hatfield prompted other organisations to identify their mission-critical services and assets, those that they couldn’t operate without and would never share externally, to tighten security controls around them, whilst providing an innovation sandpit that allows people to play and learn without risk to operations.
“Sydney Water’s risk appetite for technology has historically been adverse, but in contrast we desire rapid digital innovation,” Mr Hatfield said.
“It was only until we truly understood our mission-critical services that we were able to set on a journey to become more ‘cloud native’ and encourage innovation whilst maintaining high security standards for our mission-critical services.”
Mr Hatfield said the proliferation of unmanaged digital initiatives can leave organisations vulnerable to attack vectors. “An attack can occur through something as simple as someone connecting to your network with a mobile phone,” he said.
“To tackle issues like this, we have been converging all our technologies, IT and OT [Operational Technology] under a single Digital Group.”
“Operating together as one group under one set of goals, policies and processes, we can leverage digital technologies and innovation and improve our pace of delivery.
“We can scale and respond to threats and vulnerabilities across the digital landscape consistently. It’s also essential to have a structured resilience program to be ready for and respond to when, not if, a cyber-attack occurs.
“While strong technology, monitoring and process foundations are key to being able to respond, awareness and agility across the various threat vectors are critical to being able to stay on top and react quickly.
“Create layers in your cyber architecture and the processes around it to allow strategy and action to occur at a granular level.”
In closing, Mr Hatfield emphasised that cyber safety needs to be a corporate priority and at the core of a business’ design and technology, not independent or subsequent thinking.
“At Sydney Water we run regular cyber exercises to keep teams ready for anything. These can be as small as a fake phishing campaign to a full exercise where we have a concerted organised crime attack.”
Mr Hatfield added that simple education of staff can significantly improve an organisation’s resilience to cyber attacks. “Our people need to know that protecting their identity is broader than just where they work,” he said.
“Be ambitious and be prepared, attackers will not stop, we too must be relentless in protecting our mission-critical services.”