Friday News and Notes

Summer is slowing down but there are two items from the CSSP for this Friday’s News and Notes.

  • A recommended practice is now available for Securing ZigBee. It was written by Lawrence Livermore for DHS.
  • A large (139 page) Catalog of Control System Security Requirements was developed by the National Labs for DHS. This document is a compilation of a large number of security guideline and standards documents.

I have some pros and cons on the Catalog that I’ll blog on next week.

Update: The USA Today has a front page article, “Cities work to fix signs of aging: NYC blast highlights infrastructure woes”. It mentions the city of Atlanta is spending $3.9B to update their water and wastewater infrastructure. Is even .01% of this going to be spent on cyber security? There are different types of money in a budget, politics, and other issues in getting projects funded, but it shows money can be found if we do a better job of making the business case. The best time to do this is when savings and increased capabilities of automation are in the picture. Once the network and applications are deployed, it is harder to get security funded after the fact.

Comments

Comment from Jake Brodsky
Time: July 20, 2007, 10:47 am

Infrastructure problems are rife in most major cities. The pipes in the streets, the wiring, the gas mains, are all starting to get close to their design lifetime limits.

The amount of effort required to rebuild our city infrastructure will have such a high price tag that I have doubts it will happen in most places. Instead, we’ll seek ways of refurbishing the infrastructure we have.

As for security, what would you expect, Dale? Water and Sewer utilities are barely even aware that there is such a thing as a control system. Reading publications from the AWWA and WEF leads me to wonder if these folks are even aware that industrial control systems exist and that they use them.

Most water companies buy a SCADA product. They know virtually nothing about it. They’re lucky if someone on staff understands it enough to do any more with it than what the original consulting engineers configured it to do.

And you’d like them to spend money on industrial control security? You’d better teach them SCADA 101 before you go there. Even then, you’ll need to explain what cyber security is and why they should care.

There are a few of us in this business who are working on the problem. But we’re largely ignored because there are much bigger, more expensive issues on the table right now. In the scheme of what’s going on right now, this just doesn’t rate that much attention.

Comment from Ron Southworth
Time: July 20, 2007, 11:04 pm

Hi Dale, I can understand your concern regarding how much may be proportioned towards securing Critical Infrastructure in the wake of these proposed infrastructure upgrades.

I am of the opinion, however, that if you can involve the culture of security as just another aspect of doing business, like safety as an example, then there is a chance that more than point one of a percent may be spent on securing these control systems. By and large, my understanding to date is that effective cyber security is not really that big a monetary drain if you take this cultural approach. Many of these cyber identified improvements usually equate or can be attributed to improving availability and the integrity and RoI of the system.

Targeting these factors is key to improving uptake as these factors are something that management can understand. This is part of the message that we need to be sending to the upper layer of corporate management when trying to foster their involvement and understanding.

As Jake rightly puts it, there are a lot of basic infrastructure problems with a number of utilities with respect to the age of the assets, especially water utilities. It is commonplace for management to not consider control systems expenses in general as being necessary or vital until an out of tolerance condition takes them out of their comfort zone. Control systems are usually the first one targeted for cost saving initiatives before concrete pumps and pipes. The total expenditure on control systems in this part of the world on capital projects at least, is lucky to exceed 5 percent of the total outlay. Not much coin really when you consider that the level of expectation of automation nowadays of the general public is far ahead of where much of it is at this moment in time.

There are some utilities that are in a better position than this “average” however. We do need to lever off how they have been successful in changing the culture of their organisation. I think you will also find that they are progressive in many areas including profitability!

I can see what Jake is saying with regards to the challenge and cost to replace this ageing infrastructure; it comes back to what sort of legacy do we want to leave our children. The numbers to modernise this infrastructure are quite staggeringly huge. We face the prospect of paying between 2.5 and nine times what we presently do for water. It is hard to justify to a generation that has taken this resource for granted, so I am certain we are all in for some pain before this dilemma is sorted out.
