Andrew Green has been working in the water and wastewater industries for 7 years as both a manufacturer and a contractor. He is currently serving as Technical Sales in the southeast for VTScada by Trihedral and his prior experience includes industrial manufacturing, system integration, distribution systems, and smart city initiatives. Andrew has a Bachelor of Science in Marketing from Louisiana Tech University and lives in Birmingham, AL with his wife and two adopted children.

Cyber-security breaches of computer systems are becoming more and more common. SCADA systems pose a particular risk as they transcend the computer system to the physical world. Each of these breaches not only result in massive issues with the safety, privacy, personal information, and confidentiality of companies, but can also affect our livelihoods in a very real way.

Less often, but perhaps more critical (and definitely more concerning) to our industry, we are seeing municipalities being affected, either by ransomware, general hacking, or specific process disruptions. These infiltrations cause loss of data, carry financial implications, and potentially threaten our customers’ health and life-safety. Utilities owe it to themselves and to their customers to be as prepared as possible when these cyber-attacks occur.

This session will provide an overview of cyber-security standards, best practices, and technologies to mitigate risks to utilities. These will be reinforced with a live software demo, an introduction to architectural security designs, and a discussion of remote connectivity scenarios. Some of the topics to be discussed are as follows:

• General thoughts around cyber-security breaches
• Industry standards which provide guidance
• Username/Password/Privilege schemes
• Security procedures for accessing or leaving a SCADA system
• Operational Realms & Controls
• Remote connection security
• Secure backups, redundancy, and version/event logging
• System design considerations and infiltration mitigation