As the saying goes, we should not bite off more than we can chew. It would make sense to see how much you can bite off (what resources you have) and then decide to chew (what you can achieve). But, let us be real, this is not always the case.
Often enough, the exact opposite happens: they tell you what you need to bite off, and then you figure out how to chew it, and how to do it at a cheaper cost than others. At least this way you can plan.
But the most complicated cases are those where things change over time. And the fact is, everything changes over time. And even more so in the 21st century. If you do not adapt, you are dead. It is 'technological Darwinism' at its best.
Computers and the Internet came up. And then hyperconnectivity, SCADA systems, remote reading, IoT, big data, machine learning, smart water and so on and so forth. And finally, hackers, as people call them, but whom we could call 'cybercriminals'.
And, since there are cybercriminals, we need cybersecurity.
So now there is an area of security that did not exist before; therefore, we will need more resources. The first point is quite clear, the latter, not so much. And in the area of security, things are even more complex (as if it was not already complex enough).
At Locken, although we are involved in security, what we really do is we manufacture electronic access solutions
How do you measure security? Is there a unit for it under the International System of Units? The obvious answer is there is no objective single way to measure it. It is a trade-off between the hazards you face, the likelihood of them occurring, their potential consequences, and how much it could cost to protect yourself from them.
The job of the Director of Security is as important as it is complex, and more so nowadays. In fact, a few years ago, this figure was almost non-existent in water sector infrastructure, and although the Spanish National Centre for Critical Infrastructure Protection has made it compulsory, in some cases it is not given the importance it deserves.
When you face a challenge like this one, where in theory a person can attack you from 20,000 km away to steal your clients' data or open remotely the gates of your facilities (or something worse), cybersecurity could be a dreadful tree, full of red lights, that blinds you and does not let you see the forest.
Specifically, it can make you pay less attention to other security aspects. We sometimes see in some infrastructure a communications cabinet with complex and expensive devices connected to the network and digitally protected against an attack from the other side of the world, with a 10 euro padlock on a fence as the only physical protection.
A chain is only as strong as its weakest link
You can use modern carbon nanotubes, but, if only a single link is made of old, rusted and weathered iron, your chain will break. It is better to spend your resources in good quality steel for all your links.
Although anecdotal, there are some examples of how a small detail can jeopardise a huge project. That was the case of the spaceship Mars Climate Orbiter, which in September 1999 crashed into Mars' surface because those in charge of the navigation system were using the metric system, and those in charge of the launch gave the instructions using the imperial system. A small detail, worth 125 million dollars.
Safer, but less agile
Sometimes, security, convenience and short term efficiency do not get along. We can think for instance about airport security before and after the September 11 attack to the World Trade Center. If you had to go through security checks like that every time you enter or exit your office or any facility, it would be impossible to be productive. But hey, nobody would steal even a post-it from you.
Those old-school security checks are somewhat outdated, and could use the help of new technology. Not to prevent the theft of office supplies, which of course nobody is going to do, but at least to control who can access our facilities quickly and effectively.
As part of industry 4.0, and since we use cyber-communications to provide access permits, we are also involved in cybersecurity
Access and cybersecurity
At Locken, although we are involved in security, what we really do is we manufacture electronic access solutions. Usually, in the water sector we fit under Asset Management and Risk Management.
As part of industry 4.0, and since we use cyber-communications to provide access permits, we are also involved in cybersecurity, and quite closely.
Because our solutions are custom made for the client, we have absolute control over the software, and so we can ensure that only those with relevant authorisations access the facilities. We ensure the quality of each and every one of the links we mentioned earlier. Even the Bluetooth communications system between the key and the smartphone is a proprietary system, that is, we created it, so we fully control it.
Our communications have very high levels of encryption, similar to those in high risk sectors such as the banking sector, and with ISO certifications such as ISO 27001:2013, we make sure we do everything required to fight cyberattacks. But this should not be an obstacle to offer simple and quick management of access to clients' facilities.
The big picture
Infrastructure, their construction, maintenance and operation, evolve over time, always to improve. There are fascinating technological solutions that take us beyond where we are, but that also mean new challenges to overcome. All these digital world innovations and concerns have to be taken into account, but they should not blind us and distract us from our goal: provide a comprehensive, quality and secure service. We should not let the digital trees prevent us from seeing the forest.