Cyber Attack Readiness


In the event of a cyber security breach, Sydney Water could experience significant disruption to
automatic controls at water treatment facilities. The top 4 consequences would be environmental,
public health, reputation and loss of ability to supply water and wastewater services to customers
and communities.
This project addresses this risk by improving Productions ability to perform field operation of
treatment facilities in the event of a cyber security issue across the 33 Production plants owned by
Sydney Water. The outcome will be modification to field controls and standard incident procedures
to enable people to physically operate the plants in a ‘field mode’ with no SCADA or PLC visibility or
control for a period of up to 36 hours until the SCADA/PLC functionality is restored safely.


Torch have been tasked with implementing modifications to field controls and standard incident
procedures at a pilot site and demonstrate Productions ability to control the plant in a field control
mode by staging a mock cyber-attack at Warragamba Water filtration plant.
Utilise the learnings to create repeatable processes that can be rolled out across the remaining 32
facilities and complete audits and gap analysis reports to develop and agreed risk-based
implementation plan that is integrated with the 5-year major works plan.


The requirement was quite ambiguous as we were asked to design and structure an approach to
completing all gap analysis reports at all 33 sites and create a business case to fund the build
requirements, system enhancements and create new policy and procedures.
Fortnightly governance and steering committee meetings were established to manage the
stakeholder expectations and drive the engagement and participation of all staff involved at the
Mentoring and training of staff and managers was a major requirement to ensure all risk
assessments and local knowledge was captured and planned for. The timeframe was tight and
within a 5-month period with no full-time staff assigned.
Torch set and created a fast-paced interactive project that was led by a previous Six Sigma Black belt
and we adapted a critical to quality approach to suite Sydney Waters Prince 2 methodology.


Leading up to the pilot, two new monitoring panels with 13 different indicators were installed to
ease the amount of risk with field control. The equipment took 2 weeks to install and 1 week to test
in various modes. Multiple risk review workshops were conducted and a 4-hour technical review
session was held with NSW Health to gain endorsement to proceed.

On December 3, 2019 the pilot was a success at Warragamba filtration plant and the Production
team successfully produced and treated raw water for 4 hours. All of the water quality control points
endorsed from NSW Health were met.

The business case and a SWOT analysis report were presented to the Governance committee and
the program has now entered into (phase 2) which is a wider rollout using an internal project
manager that was mentored by Torch.

Torch has now completed this assignment and our consultant remains in contact with Sydney Water.

There is a high probability he will return to consult on 2 other programs of work to help them
formulise and structure they’re in house capabilities and program management.