The Australian Govt has legislated that water/wastewater operators delivering services to at least 100,000 connections across one or more water or sewerage systems must comply with the Security of Critical Infrastructure (SoCI) Act. While the legislative requirement captures water/wastewater assets servicing mid-to-large towns and cities, consideration should be made to address remote and regional utilities, which in my opinion pose a higher risk to consumers.
NIST has published a specific framework for industrial control systems (ICS) which may be more relevant to instances where there is an industrial network comprised of skid mounted control panels containing a PLC, I/O cards, comms module/cellular router and an operator interface terminal(OIT). I’ve read the document, and in my opinion, it provides actionable measures that automation engineers can implement to minimise material risk and mitigate impact to assets across all types of water/wastewater treatment plants and networks.
As it’s specific to ICS, it’s also much easier to digest by engineers and plant staff when compared to other frameworks.
