Spotlight – Q&A


malicious action – they need something in place that can help them see the difference. They need to be able to log what’s happening, see who’s logged in and how, and be able to vet those connections. The remote world that we’re in now certainly does add a lot of complexity to how cyber threats are detected. That inherent risk of having outsiders able to control things from outside the facility certainly demonstrates the need for stronger cybersecurity.


How can facilities protect themselves against cyber attacks?

There are a number of different ways facilities can protect themselves. The first one is to build a holistic approach to cybersecurity. The reason this is so important is because there’s already a lot going on in the facility. There’s a lot of equipment there, a lot of processes, all of which are very important and can’t be stopped. If we’re looking at cybersecurity for each vendor, or for individual sections of the facility, it’s just going to add even more complexity and even more risk. If we view cybersecurity as a platform that looks at everything in a holistic and vendor agnostic way, then you’re going a long way and making sure that the entire environment is protected. That way you’ll be able to identify when strange things are happening in the environment or see when one system may be impacting another, and then be able to act on it.


Another thing I think is really important is to use the standards that are available to you as an organisation. There are many, including: IEC 62443 (which is considered the prevailing operational and industrial cybersecurity standard right now); AWWA; the NIST framework; and NIST 800. Those are major drivers to use to begin a cyber journey as they lay frameworks and reference models for organisations to use to secure their control systems.


Equally as important is training and enforcing cybersecurity culture. Every person in the facility needs to know their involvement in a secure cyber architecture. It doesn’t matter if you’re in the control room, in the front office, or a delivery driver - every person can impact cybersecurity in some way! Everyone needs to understand how their actions could present a security risk. For example, if someone plugs their cell phone into a workstation to charge it, that’s a cyber risk. If you bypass something on a system to make your job easier, that’s a cyber risk. If employees understand how actions can impact an operation, and what the cyber chain of events could be, it will help them avoid those pitfalls.


Phishing in email attacks is one of the top methods for gaining access to operational networks – all it takes is one person clicking on a phishing email to infect the entire network. Attackers will send an email that looks like an official email, asking you to log in. When you click something, it will ask for your credentials, and f


www.waterpowermagazine.com | December 2021 | 9

