Thursday, May 17th, I did taping for the American Association of Water Distribution & Management (AAWD&M) Video Module Series on critical infrastructure. Fellow speakers were from the California Water Resources Control Board, Appalachian State University, and Alvaka Networks. My presentation discussed control system cyber security with a focus on water/wastewater facilities including selected water industry control system cyber incidents. Specifically, I addressed a known malicious cyber attack and a cyber incident that may or may not have been malicious (lack of control system cyber forensics). In the malicious case, sewage discharge valves were opened and dumped almost a million liters of sewage. The event was not identified as being cyber-related the first 20 times the valves were opened. The second case involved water being pumped from a superfund site into the drinking water system. It should be evident from an impact perspective, it doesn’t matter if this was a malicious attack or not. The video will be available for restricted viewing in about 30 days on the AAWD&M website (www.aawdm.org). AAWD&M will restrict access to public water systems and affiliated stakeholders and will not be made available to the public.
Joe Weiss