Critical Infrastructure Resilience – Control Systems Upgrade Done Right Involves Cybersecurity

With control systems at water and wastewater utilities having been installed before cybersecurity was even a thing 20 – 30+ years ago, many utilities are now faced with having to replace those aged, insecure, and obsolete systems and devices. However, after such longevity, could there be a concern that once systems start being replaced, these new OT devices will follow a similar fate as their IT counterparts and commence on a path of having to be replaced every 5 years or less? Not necessarily. According to Shay Geisler, I&C administrator at the East Cherry Creek Valley Water and Sanitation District (ECCV) in Aurora, CO that serves about 60,000 resident on the outskirts of Denver, ECCV expects to get more than 30 years of useful life from its new PLC/RTU systems. ECCV recently undertook a plan to upgrade PLCs, RTUs, radios, SCADA system—and cybersecurity—in its water treatment system with Open Secure Automation (OSA) units from Bedrock Automation.

Note: WaterISAC is not promoting any product or approach described in this post, it is just advocating for the intentionality of addressing cybersecurity as a key part of any (critical) system upgrade.

As described in a recent post in Control Global, when ECCV needed to upgrade its potable water treatment facilities and pump stations from their increasingly obsolete PLCs, its managers saw an opportunity to improve their cybersecurity, too. The approach was straightforward, Geisler and his team focused on securing three communications paths: SCADA software to PLC, PLC to PLC, and the radio network. Geisler explains why this approach is important: “We knew security couldn’t be limited to only the SCADA software. There were too many downstream systems and assets that would present a huge vulnerability if left untouched. We determined the vast majority of these potential vulnerabilities could be solved by addressing the PLC and SCADA communications system.” The result: secure, certificated communications from the SCADA software down to the remote PLCs and RTUs. Read more about ECCV’s control systems upgrade at Control Global.