Objective To determine whether information and communications technology (ICT) systems used to operate, manage and monitor critical water infrastructure are secure.
Issues Victoria’s 19 water operators rely on critical infrastructure to deliver their services, including physical assets, facilities, distribution systems, information technology and communication networks. This infrastructure relies on supervisory control and data acquisition (SCADA) systems to digitally monitor and control water infrastructure.
Cyber attackers have been known to target critical infrastructure, including SCADA systems, to endanger public health and safety. If successful, these attacks could result in overflows of untreated sewage, reductions in water pressure, or shutdowns in the distribution of water.
In 2014, CERT Australia—the Australian Government’s computer emergency response team—responded to 11 073 cyber security incidents affecting Australian businesses, 153 of which involved systems of national interest, critical infrastructure and government.
This audit will examine whether DELWP and selected water operators have implemented effective measures to protect critical ICT systems in the water sector.
Proposed agencies DELWP, Melbourne Water, Yarra Valley Water, Barwon Water, Emergency Management Victoria and Aquasure/Watersure (private partner desalination plant).