Attempted Cover-Up of Sewage Spillage
|Industry Type:||Water/Waste Water|
A sewerage spill officially estimated at slightly less than 3ML discharged into a nearby creek. The engineer in charge was advised of the spill by the Electrical Supervisor and then his supervisor by telephone phone and he performed a hardcopy backup of the operational trend data containing level information and the derived flow information. The trends indicated a significant reduction in normal levels and derived flow. The derived flow figure value was approximately 4 times higher than actual after checking the site post event. The flow meter from this site does not have a pulsed output and was not working prior or during the incident due to a tripped circuit breaker for this unit. The flow value did not completely stop during the event and the pumps ran lower hours than normal. The results of pump stations operations staff investigations discovered that a pump station inlet control valve after being routinely serviced failed normal operation and closed partially after service personnel left site. The valve opening was subsequently blocked by a large piece of wood and cloth like material (referred to as ragging) completely blocking the valve entry point to the pump station.
The engineer in charge’s supervisor entered the water treatment plant (the location of the telemetry systems servers). This was logged in the electronic access control security system log. A short time later the engineer in charge performed a daily system check which basically consists of turning the monitor on the I/O server and looking at the system for any system related problems. He noticed that the “Trashcan” was full and immediately asked the Electrical Supervisor to observe along side while he opened the contents of the trashcan and any subsequent checking. The trashcan contained trend data. He then logged into the system and checked via the kernel menu for the system uptime which was less than 4 hours.
The engineer in charge rang the General Manager of this discovery and asked him as to what he required him to do. Within five minutes his supervisor rang and advised that “he had attended the site earlier” and that he would “come to the site and undelete and restore the data on the server”. The engineer in charge’s supervisor arrived on site using his access card to gain entry to the complex. He then admitted to altering the system earlier in the morning and that he was going to attempt to reinsert the missing or altered data.
If the SCADA system and Historical Data system was not altered the data would have aided in proving the causation of the event.
The system could not be shut down immediately following the incident and this was not authorised until 5 days after the incident and took 24 hours to implement.
Three staff subsequently resigned resulting in an increased workload. The EPA is currently assessing if they are going to proceed with legal process.
|Action Description:||Strategic plans for SCADA systems are to include security/risk management frameworks. Audit computer system to secure and lock down the system as much as is possible and preserve the data of the event as best as is practical. Implemented more automatic copying of data bases to more locations that can be copied without causing the systems to crash. Changed all Admin Passwords on system and on individual machines. More automation of backup systems. A software specification has been written to address basic user system requirements features of the software include present Process Control best industry practice. This will allow further layers to be put into place to between the application administration and the operating systems administration. This specification will also provide a programming environment to be able to easily perform the flow calculations alarms to meet this item as necessary.|