Key points are not available for this paper at this time.
The Importance of Cyber Resiliency in the Modern Utility: the Metropolitan St. Louis Sewer District JourneyAbstractResiliency in the Modern Utility is essential and multi-faceted. Traditionally resiliency in utilities focused on operations, and over time it has grown to include finance, supply, workforce, and climate impacts among numerous considerations. In today's digital world, utilities rely on enterprise management systems, computerized maintenance management systems, SCADA, and the internet, which are integrated into our daily lives and workplace. In addition to this reliance, the threats to our systems have never been greater. The threat of cyber-attack today is a business, and cyber security an ever-increasing need. The purpose if this presentation is to outline Metropolitan St. Louis Sewer District's (MSD) journey to build a utility not just focused on cyber security, but cyber resilience. St. Louis MSD is a large regional sewer authority, serving over 1.3 million customers in St. Louis City and County. Technology supports over a thousand employees serving headquarters, seven treatment plants, 280 pumpstations, and collection system maintenance of 6,000 miles of pipe. This was a multi-year journey that has evolved and continually adapted to the fast pace and changing digital landscape. This paper will describe MSD's recognition of the need to mitigate cyber risk, the decision to launch on this journey and methods to identify and mitigate the threats to cyber resilience. The areas of focus were both on physical threats and virtual threats. Solutions included evaluating data center, network operations, applications, IT asset management, mobile technology, connectivity, and security. MSD focused on industry best practices and utilizing accepted security frameworks to identify risks and prioritize the controls. Control measures focus on prevention, detection, response, and recovery. MSD will discuss the phases of this journey, with an initial phase focused on physical hardening and redundancy, actions included data center colocation, network redundancy and monitoring. Subsequent phases focus on IT applications, cyber security, and associated policies. This journey was not always perfect, MSD will discuss its success and setbacks, including the disappointment in 2020 when the District failed a penetration test even after enacting new policies and controls and how that led to digging deeper into improving internal practices and training. These efforts ultimately lead to success in future audits. In addition, we will discuss the scramble and shift in the digital landscape created by the pandemic and new norms and challenges of a remote workforce. This led to an increased focus on mobile assets, mobile device security and internet redundancy. We will discuss societies shift to the cloud has changed MSD's policy on software selection, the need of on-prem infrastructure, disaster recovery site and has created new opportunities and challenges for cyber resilience. Lastly, we will discuss lessons learned on this journey and how we see the landscape continuing to evolve.This paper was presented at the WEF/AWWA Utility Management Conference, February 13-16, 2024.SpeakerSprague, JonathonPresentation time11:00:0011:30:00Session time10:30:0012:00:00SessionUtility Resilience and ReliabilitySession number17Session locationOregon Convention Center, Portland, OregonTopicCybersecurityTopicCybersecurityAuthor(s)Sprague, JonathonAuthor(s)J. Sprague1, V. Kienstra2Author affiliation(s)HDR 1; St. Louis MSD 2;SourceProceedings of the Water Environment FederationDocument typeConference PaperPublisherWater Environment FederationPrint publication date Feb 2024DOI10.2175/193864718825159288Volume / Issue Content sourceUtility Management ConferenceWord count17
Sprague et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: