Infrastructure control systems are increasingly the target of cyberattacks worldwide. Water providers rely on this technology to operate and monitor a portion of their water infrastructure assets that deliver critical water and sewerage services to Victorian households.
Our 2010 audit Security of Infrastructure Control Systems for Water and Transport noted significant security weaknesses in these systems making them vulnerable to cyberattack. This audit follows up on whether security of control systems in the water sector have improved. We assessed their governance arrangements, security architecture, system vulnerabilities and physical security.
We made four recommendations for the audited water providers.