Security of critical water infrastructure (Report 19: 2016–17)
Reliable drinking water and wastewater services are essential to all Queenslanders.
Water service providers protect the quality of drinking water by operating treatment plants that remove contaminants. These service providers generally use computer systems to control operations of water treatment plants, and related facilities and assets.
Because of the critical importance of clean drinking water to the community, it is vital that water service providers identify and manage security risks associated with this infrastructure. Failure or security breaches in these control systems can have major consequences for the health of citizens, the environment, and the businesses that rely on these services.
In this audit, we assessed whether a selection of entities responsible for critical water infrastructure have processes in place to protect their water control systems. We carried out our own tests, known as penetration tests, to identify and exploit security vulnerabilities. We also assessed whether these entities could detect the security breaches and restore the systems in the event of an attack.