Asset Management, News, QLD, Safety, Technology, Utility

Assessing Queensland water utility security

The Queensland Audit Office (QAO) has released a report, assessing whether a selection of entities responsible for critical water infrastructure have processes in place to protect their water control systems from potential attacks, both internal and external.

For the report, Security of critical water infrastructure, QAO carried out tests, known as penetration tests, to identify and exploit security vulnerabilities in order to assess whether these entities could detect the security breaches and restore the systems in the event of an attack.

The audit found that water control systems were not as secure as they should have been at the time of the testing.

The age of many of the control systems, combined with more recent integration with corporate networks, had resulted in higher risks that had not always been recognised and tested by the entities themselves.

Security controls did not sufficiently protect them from internal or external information technology-related attacks.

All entities were susceptible to security breaches or hacking attacks because of weaknesses in processes and controls.

At the time of testing, attacks could disrupt water and wastewater treatment services, as well as other services that relied on the entities’ information technology environments.

All audited entities had the capability to respond to information security incidents if they were detected. However, they were not well prepared for cyber attacks as they had not planned ot tested their response and recovery from this type of incident.

The report recommends water service providers to:

  • Identify risks of information security breaches
  • Implement controls to protect their systems
  • Monitor and review the effectiveness of the controls

Since the audit, critical infrastructure owners have made efforts to mitigate the risk of security incidents, including cyber attacks, on their systems to mitigate the impact of such events.

Discussion

No comments yet.

Leave a Comment

Your email address will not be published. Required fields are marked *

Read the latest issue online

Twitter

Upcoming Events

  1. International Brian Cherry Concrete Symposium

    July 26 @ 8:30 am - July 27 @ 5:30 pm
  2. AAPA International Flexible Pavements Conference 2017

    August 13 - August 16
  3. Safety in Action

    September 5 - September 6
  4. No-Dig Down Under

    September 12 - September 15
  5. ITS Summit 2017

    September 27 - September 28