In an era where technology pervades critical infrastructure operational landscapes, the recent Optus outage serves as a stark reminder of the criticality of resiliency, security, and risk management in the design and operation of our infrastructure systems.
Professionals in the Australian water sector must adopt a holistic approach drawing from asset management, engineering best practice and risk management to fortify their systems against potential vulnerabilities both internally and externally to the organisation.
Increasingly, reliance on human vigilance for asset oversight has shifted to technological dependence. However, this transition necessitates quality controlled formal design processes to embed resilience within these systems. In a world of high availability coupled with non-deterministic communications (e.g. TCP/IP), the need for the design of resilient systems that decentralise control elements close to physical systems becomes increasingly important.
Large water utilities are dedicating teams to manage and protect their Operational Technology assets, through continuous management, encompassing patch updates and port security, coupled with risk-based protection strategies. This constitutes a robust defence against potential cyber threats and third party outages.
Incorporating operational practices that simulate failure scenarios and rehearse system recovery methods should become intrinsic to daily operations. Authentication protocols, such as vendor-signed updates and out-of-bound communications, must be rigorously enforced to thwart unauthorised infiltration.
Simon Zander, BecaHunterH2O's specialist in Operational Technology said "Strengthening the resiliency and security of Australian water systems requires a concerted effort, strategic planning, and ongoing commitment to stay ahead of evolving threats in the digital age".