In today's increasingly interconnected world, the risk of cyber attacks on critical infrastructure is a growing concern. This is particularly true for sewage collection and treatment systems, which play a vital role in protecting public health and the environment. One way to mitigate this risk is through the use of segregated, redundant systems for monitoring these systems.
A segregated system is one in which different components or subsystems are isolated from each other. In the context of sewage collection and treatment systems, this means that the systems used for monitoring are separate from those used for controls. This helps to prevent a single point of failure, as a problem with one component will not necessarily affect the others.
Redundancy refers to the use of multiple systems or components to perform the same function. This ensures that if one component fails, there are backups in place to take over. In the case of sewage collection and treatment systems, this might mean having multiple sensors or RTUs in place to ensure that the system can continue to operate even if one component fails. At a very minimum, the redundancy should monitor the infrastructure so that if the primary monitoring system fails (or is shut down by a malicious hacker), the operators will be made aware of any changes to the system. Redundancy not only means backup systems, but also resiliency in the system, meaning the ability to withstand and recover from different types of failures.
The ability for operators to know that something is wrong in a separate, redundant system is a critical approach to cybersecurity. The importance of these measures is highlighted by recent cyber attacks on critical infrastructure.
In March 2021, a cyber attack on the Colonial Pipeline caused a disruption in fuel supplies along the East Coast. This attack was the result of a ransomware attack, in which hackers encrypted the pipeline's data and demanded a ransom to restore access. Similarly, in January 2021, a cyber attack on the Oldsmar water treatment plant in Florida had the potential to contaminate the water supply for thousands of people. In both cases, the attackers were able to gain access to the system's control systems, highlighting the need for better security measures. In the case of the Oldsmar attack, if an AlarmAgent RTU was installed, the operators would have known immediatley when the pH of the water rose above an acceptable level, EVEN IF the operators did not catch the hack while it was occurring.
It is very hard to hack these infrastructure systems. It is exponentially harder to hack two systems simultaneously. In fact, the hackers might not even be aware of the second monitoring system, let alone be able to hack it concurrently with the primary system.
Additionally, it's important to implement robust cybersecurity measures, such as firewalls, intrusion detection systems, and regular security audits to detect and prevent cyber attacks. It's also important to have the redundancy on the monitoring systems, so that even if an attacker attempts to modify the system, the monitoring systems would detect any changes and take appropriate action.
In conclusion, sewage collection and treatment systems are critical infrastructure that need to be protected against cyber threats. The use of segregated and redundant systems, along with robust cybersecurity measures, can help to mitigate the risk of cyber attacks and ensure that these systems continue to operate effectively, while