It’s Thursday, June 17th and yet another water utility got hacked using TeamViewer and an account that should have been removed. Ladies and Gentlemen of the water utility business: Please get more serious about how you manage remote access. If you don’t absolutely need it, don’t use remote access software. If you have people on site at all times (and most large surface water utilities are required to by law) you do not need remote access. And for the love of all that is good, please manage the remote access accounts better.
I know, the glossy magazines say you should have remote access because it saves money. Yeah, right. Show me the business case. Unless managing the plant without remote access is impossible, this is bad advice. Typically this advice comes from people with very little time under a hard-hat. They came from the world of consultants and their ideas are what I like to call Corporate Pornography. They’re pornographic because these ideas are presented with soft lighting, from just the right angle, and with all blemishes carefully airbrushed over. They’re not any more real than the image and writeup of the centerfold pin-up girl.
Talk to your IT staff. There are ways of setting up remote access with two-factor authentication. It can be configured so that when HR stops paying an employee, or when the project manager terminates the project, it closes down access. There are also ways of enabling and disabling remote access while an operator is on duty. If an operator is on duty, remote access should be disabled. If you want access, you must first communicate with that operator so that they can fill you in on what they think is going on. It’s their license at stake – NOT YOURS!
Above all, we need to have a discussion about how much control the automation should have versus what the physical controls are actually capable of. The automation can probably steer the equipment across a significantly more limited subset of the whole range and still keep things running just fine. So if you’re dosing slaked lime into the water supply, set it up so that it can only dose between certain rate limits. The equipment may be capable of more, but that capability should be reserved for when an operator is physically on site and manually controlling it. Another advantage is that it will catch equipment anomalies, such as tubing that slowly clogs up, sooner than it would if we allowed the control system to run through the entire range of operation that the equipment could handle.
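The rate-limit idea above, sketched as an added example (not code from this post or from any plant's control system): automation requests are clamped to a narrow band, the full equipment range is reserved for on-site manual control, and a request that stays pinned at the limit raises an alarm. The ranges, units, alarm threshold and the names `DoseLimiter` and `simulate_clogging_line` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# All numbers are constructed for illustration, not values from any real plant.
EQUIPMENT_RANGE = (0.0, 100.0)   # what the lime feeder can physically deliver, L/h
AUTOMATION_RANGE = (10.0, 40.0)  # narrower band the control system may command, L/h
SATURATION_ALARM_CYCLES = 5      # consecutive clamped requests before alarming


@dataclass
class DoseLimiter:
    clamped_streak: int = 0
    alarms: list = field(default_factory=list)

    def apply(self, requested: float, source: str, operator_on_site: bool = False) -> float:
        """Return the dose rate actually sent to the feeder.

        source is "automation" (control loop or any remote session) or
        "local_manual" (hand control at the panel).
        """
        if source == "local_manual" and operator_on_site:
            lo, hi = EQUIPMENT_RANGE      # full range reserved for on-site manual control
        else:
            lo, hi = AUTOMATION_RANGE     # everything else stays in the narrow band
        applied = min(max(requested, lo), hi)

        if source == "automation":
            if applied != requested:
                # The loop wants more (or less) than it is allowed: count it.
                self.clamped_streak += 1
                if self.clamped_streak == SATURATION_ALARM_CYCLES:
                    self.alarms.append(
                        f"dose request pinned at limit for {self.clamped_streak} cycles "
                        f"(last request {requested:.1f}, applied {applied:.1f})"
                    )
            else:
                self.clamped_streak = 0
        return applied


def simulate_clogging_line(limiter: DoseLimiter, cycles: int = 12) -> list:
    """Constructed scenario: tubing clogs, so the loop asks for 4 L/h more each cycle."""
    return [limiter.apply(20.0 + 4.0 * i, "automation") for i in range(cycles)]


if __name__ == "__main__":
    lim = DoseLimiter()
    print(simulate_clogging_line(lim))   # rises to 40.0, then stays there
    print(lim.alarms)                    # one alarm once the request has been pinned 5 cycles
    print(lim.apply(85.0, "local_manual", operator_on_site=True))
```

In a real plant this logic belongs in the PLC or a hard-wired limit rather than in a script, so that a compromised HMI or remote session cannot bypass it.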
For those of you in the general public: your concern is understandable; but please do not worry so much. The water from a water treatment plant usually goes to a storage tank known in the trade as a “Clearwell” or “Finished Water.” That water is a reserve in case a pipe breaks, or in case there is any question of the water quality. For example, more detailed lab results may take time to discover unusual contaminants that may have worked their way into the water. If a situation like that arises, it is not that much of a problem. The water is still sitting there in the clearwell and it can be sent back to the head end of the plant for reprocessing, perhaps using different coagulants. Even if someone is successful at “poisoning” the water supply, the situation will have to stay that way for typically a day or more before it gets to the distribution system. This is what you need to understand when you read these alarmist stories. There is time to catch these problems and deal with them.
That said, there are other things that can be done to damage assets in a water plant. I won’t go into them here. Suffice it to say that if you in the water utility require remote access for routine system maintenance, do it securely – or don’t do it at all. I’m tired of reading these awful articles about how poorly these systems are managed. You are risking far more than just your water quality or ratepayer money. You are risking the loss of public trust in your utility. Don’t wait for regulation before doing something, particularly if you are working at a large utility. You can either do this correctly from the start, or you can have some consultants fluent in the latest corporate pornography do it to you with a looming deadline. I speak from over 30 years of experience at a large water utility. I always chose the former. I recommend you do the same. That’s not just another bit of corporate pornography, that’s my career of experience as an engineer speaking.
(edited for grammar and clarity)