IATC - Blood in the Water: Preparing For the Feeding Frenzy

okay everyone so um third time here uh this year we're talking a little bit more Josh is once again um informed me of some things that I didn't know about and now I can't sleep anymore um so some of these slides are just for for anybody that needs a deck but real quick uh I'm not an operator I'm an automation professional um and a professional engineer so um my job I have a duty to protect the public that's being a PE means I my personal license is on the line for all the work that I do um and where I focus is the the the area of operational technology some of you probably know it as IC industrial

control systems or automation or not really robots but it's all kind of the same the same stuff it's not it um I'm not a hacker I'm not a cyber guy um but I can certainly find the problems when those things occur and um as three or four personality profiles have told me I'm a challenger of basic assumptions that's probably why we get along so well um I have four basic principles one there is no such thing as an accident that is an impossibility someone has made a decision someone has put something in motion to cause an incident to occur there's no such thing as an accident people are the asset so we talk about all these assets and D da

unfortunately the finance people s figured this out excuse me on the balance sheet you're all are liabilities I never have understood that especially if you're a consulting firm when what you do is sell people your people are a liability not on the asset side of the equation one of these days they'll figure that out um I'm really excited about cyber from the standpoint that it is the great unifier um it is the one topic that every business division in any company has to get unified on or they're going to have a lot of problems right so I see that as a huge opportunity and um in my opinion cyber is just one of many many many many many risks that we

have to manage every day so I think one of the talks earlier was about risk management that's really what cyber is all right so let's get going here let's go on a journey let's talk about where we've been over the last couple of years um where are we and where we're going um and what we do to change the path so last year year before I think I threw this one up um just to give everybody an idea of just where is it that your water comes from right so um and and how much we as humans impact that um uh if you're a climate denier you know I'm sorry you know science doesn't care what you believe so

the um the things are that you know snow it's just a big cycle right we don't create water there is no like some magical hand comes down and creates water it's always in cycle um and we contaminate the hell out of it with everything that we do and we let the ground suck all the contaminant out we put it back in and it starts all over right so just as a as a point you know as we run it through water is one of the few resources we only use once now there are some cities that are starting to get smarter about that but if you think about it when you flush the toilet where

does it go back into the river for the next city to suck in and process and ship out right but you've only used it once um like I said there are some cities that are getting a lot smarter you'll see the purple pipes is a universal color for recycled water um it's not treated enough well enough to drink but it's well enough to water your grass which is a concept I've never understood um so also you know water's a utility right so water you think of well it's an electric system Electric Systems in in Water Systems all have the same customer um they both have meters on the facility they've got some delivery device into

the facility um the difference is that there is no National Grid of water right so I can't buy water if I'm in Maryland I can't buy water from La um from a wind farm or from a a a Lake right so all your systems are local so the water that you're drinking at home might not even be the same water you're drinking at at work right might be two entirely different systems which also means two entirely different sources um when you get into water there's there's you can pull water from Rivers you can pull it from a reservoir or a lake you can pump it out of the ground uh there's a lot of different

areas the the failures that occur in those systems can can re Havoc but it's localized right um let's think back not too long ago to to uh Jackson Mississippi right uh completely shut down a town that was already uh in bad shape and uh on the water side we have to treat the you know the electrical guys they just pump it to you and then the electrons go off into the ground and you suck them back later right water we got to do something with it we can't just dump it on the ground we got to treat it and we' got to make sure that it goes back in a clean environment so has anybody really uh

anybody been in water industry or uh complex manufacturing so let's talk a little bit about what an OT Network might look like or or a water Network at a at a facility um and why this problem is so complex so this is just a a high level very high level view of all the different systems that exist at a water uh utility um there's a lot of Point Solutions the the one of the challenges that water utilities have are they don't have the money or the expertise to go out and buy sap that combines a bunch of stuff into one database right they end up with a ton of little Point Solutions so your customer data might be sitting

you as a billing as a receiving a bill that might be sitting in one database but the data about the meter on the side of your house is in another database the pipe that's going into your house is going to be over in another database um you know it just it it's just a a hodg podge of of information and as I'm sure we all understand right what happens when we have all sorts of different pieces of data all sitting floating around out there it increases our tax surface right did I get that right all right d so um and and the other challenge that I see in the water industry is we've got a ton of vendors

coming in and say oh you know what I'll improve your billing by 10% um give me all your data and I'm going to pump it up to the cloud and now I got now you've got a connection the cloud um a lot of utilities are moving to um uh Smart Meters great stuff right smart meter um did you know that I can tell if you have a prostate cancer issue from your water meter if you flush a toilet a lot at night and when you should be sleeping generally somebody has some kind of an issue that we're dealing with um that the water utility doesn't own that data when they hire a badger meter or somebody else they give up the right

to that data so it's kind of like the the Facebook metadata stuff right or the the NSA and the metadata right you you don't know where that data is going so um you know that's what it is uh on the OT so if that was the overall Network the Enterprise Network on the OT side this is a pretty good example of the challenge that we've got in a water system is similar to an electric system in that it's a geographic nightmare right it can it can span for hundreds of square miles I've got might have a pumping station on one side of a mountain that I got to talk to back to the the main War the water source and

I've got to pass all that stuff through so again attack services are are everywhere I got you know the a lot of these networks are so old you know they're 450 megahertz radios out there talking to each other guess what when those things went in there wasn't a thing as such as encryption you got to have a lot you got to really try to to get onto the network but it's possible um so again a lot of stuff going on there the cost of improving these systems ranges in the tens of millions of dollars to go in and and Swap this stuff out um there's a lot of ways to do that but you know who pays more

than let's throw a number out is anybody in here pay more than $100 a month for their water bill right it's probably costing the utility $200 a month to deliver it to you but you know you we talk about raising the the utility fee by pennies and everybody has a heart attack so this is an area that's very underfunded and requires a lot of Grants and things to make that stuff work so replacing this stuff isn't in the isn't in the in the future so there's a report um came out uh recently 2012 that said uh hey guys we have a problem in the this was like at the beginning of all the infrastructure talks right infrastructure week d d well

in 2012 a water industry came out and said hey we've got a trillion doll problem forget about all the Technologies we're talking about the pipes in the ground we've got to get out and replace all the pipes in the ground that were only supposed to last 60 years 50 years they're now approaching 100 years there's still pipes we digging out of the water out of the floor out of the ground in New York City some of the bigger cities that have been around a little bit longer that are wooden um cast iron everybody remember Flint Michigan all the lead problems right so that problem has not fixed itself um and it's only getting worse so keep that in mind as we talk

about a few other things so I say cyber is barely on the radar if you look down at you know computers and and workstations and cyber and uh Cisco switches and things like that they're all on these Cycles right when you get into it you get budgets for that stuff um you know who's working on a laptop that's older than four years old right from your company um I can tell you that I readily go in and assess Control Systems you know you get to do your email on a four-year-old machine but you're running your plant on an NT box it might might be under 10 years old B um so we've got this huge disparity

between the the control systems the brains of the entire operation um and some of the stuff is so old it won't run on anything else so now we we've got to keep things alive based on eBay um but more importantly the 60-year-old stuff the stuff that's in the ground the pipes we haven't been able to figure out how to replace that I I remember having a conversation with one uh surprisingly large city and they were talking about oh yeah we we're replacing 10 mil of pipe a year and so I was like okay so you've got like there's like 3800 miles of pipe I was like so 10 miles it's going to be it's like correct me if I'm wrong but

the pipe is going to be obsolete before you get back around to replace it again it's like you know I'm not a mathematician but you know I know how to use Excel so this stuff is going on all the time and unfortunately there's just a lot of competing competing folks in the in for the money right and then this is the other one that has cracked me up so I I entered the water industry about 2014 and you know I was all excited about how everybody talks to each other and they do these surveys and everything so this was the most recent survey from 2021 and I I should have found the one from 2014 cuz it's

identical I well I mean they move around but they never change right they never say hey my God cyber security big problem well until I started talking to Josh big mistake um so each year it's the same list only it's in a slightly different order right and it kind of I I started to call it the fad list because it's just like whatever everybody kind of thinks is the issue is what shows up there's not really a whole lot of analysis um so since our last meeting there's been a few things going on that have been pretty exciting to my mind we had some presidential strategy coming around around um a call for the EPA who

if you didn't know the EPA goes out inspects every water system it's a sanitary inspection sanitary survey they go out to every water system um I think it's on a yearly basis might be every other year um just to make sure that things are in good shape right um they're checking for that you're doing your samples correctly and and your equipment's working and stuff so brilliant idea let's call let's use that same resource to go out and also do a quick assessment on the cyber security posture of these of these facilities so that got shot down by the water industry because we don't want anybody coming in and telling us what to do um a lot of

internal arguments going on about that um I I don't quite understand why um you know to me it was something we could start to work with it at least it was a good framework the people inside the water industry have been asking for something like this for a long time but we decided to shoot it down um our friend the volt typhoon thank you Josh other thing I was very happy not knowing about um that was been revealed um do everybody remember the little pump attack on the Israeli pumps that came out a little while ago we're going to use that as an example here in a little bit um that's been new and um I'll I'll defer to Josh for

this one because I don't know a lot about it but this is where some of the the current thinking on uh that's really got me engaged about the cascading failures right um so we'll we'll use that here in a little bit as well um crowd strike so everybody REM well I don't know weeks ago so there's a few folks in here that might not know this but everybody how many people remember the old saying never got fired for hireing IBM right we're going to go out and get crowd strike cuz they're the best and we'll be protected right so Ira was talking about earlier about open source um how you know he doesn't understand why people don't understand

open source I understand it fully I can't sue open source I can't transfer liability to open source well if I'm the general manager and I'm trying to figure all this stuff out and my insurance companies want to know what the we're doing for cyber ah we got crowd strike so you know diversification of of vendors I think is a very important um problem that we've got to start dealing with um and then I I do agree with Ira's hockey stick thing dragos trout strike they're not out there to do cyber they're out there to make money let's just be honest about it right so um and then this whole concept of cascading failure across sectors um we'll do a

little bit of exercises on that here in a minute so um is everybody following this this concept any questions yet on your where your water kind of stape your Waters in before I roll into some exercises so everybody know your where your water comes from is it Wells or aquifers or a lake or a reservoir you know what plant it's coming from you know how old your pipes are this is all publicly available information you go and ask for it okay well we'll keep on rolling then ready for the the audience participation did I cover everything keep going okay so let's get into some of this what is a cascading failure anybody

right one failure into the next one into the next one right just keeps like what's another word for The Dominoes right boom boom boom boom boom boom right so one failure triggers another failure triggers another failure triggers another fa so let's do a little example we'll pick an easy one um oh I should have coordinated this and turned the lights off at the same time rats so power goes off in this hotel right now what what's the next thing that happens what do you think happens what was that generator comes on but what's the generator going to

run well no I'm sorry the generator is really just going to power the life safety type stuff right some some of the lights not all the lights I bet the AC's going to turn off right but it's going to control enough stuff that ensures the safety of people right that's all the requirement is I you don't have to keep the cash register on although I'm sure they do here [Laughter] that's life safety to them so you kind of get that that process right so the generator comes on what do you think else is going to happen to escort us out all right there's going to be something happened with people right do you think there I'm

sorry everybody's going to turn their flashlights on so there's going to be a little bit of confusion right everybody going to try and figure out what's going on where are they um is anybody going to panic yes yes yes is it rational panicking maybe maybe especially if you're in the bathroom right and it goes totally dark what else STS air conditioning is going to stop what's it going to do in here when it's 10 12 did it finally where were you right now yeah when it's outside how long are we going to be

comfortable so I can keep asking what else is going to happen elevators throw them out here elevators will fail elevators will stop elevators will likely stop and that makes sense right they're supposed to you're not supposed to use elevator and fire so it's kind of the same thing do you think there's going to be a notific that go out maybe I bet the fire alarm I bet the fire alarm will probably call out right say hey I've Lo we've lost power um we'll need help of some

kind people hotel maybe let's say it's a long outage right so it's longer than longer than a day I doubt you're they're going to let I doubt anybody's going to let somebody sleep in 112 degree room right so yeah there'll be a pretty big massive evacuation so can we all say though it's going to be pretty controlled I mean there there's no real life threatening emergency going on right at the hotel uh unless somebody gets trampled for a mass panic or something right what was that I I'm sorry the hotel doors may or may not open oh yeah well um and In fairness there's a mechanical piece to that right they all have breakable way

so I don't know if you noticed that but every every one of those doors will break away so I would argue that there is in fact potential for lifethreatening issues because if you have people who are on insulin if you got people attending this convention or in their rooms and they have insulin and they lose their fridge they're going to need to go to the hospital or they're going to die right interesting so we might have all of a sudden a real supply problem right all of a sudden a bunch of insulin that's in the in these refrigerators is going to go bad well they got to go replace it from somewhere great sorry now that you mentioned that

the fridge I was going to say you have all the you have all the restaurants here you have everything that depends on so all that food's going to spoil not to mention the casino uh you know they'll lock up the trays so there won't be any more income coming in so than good yeah but yeah everybody money stck in machine everybody's got going to want their money back on their machines that are right I won this what happens that could be turned into a panic attack as as someone who lives in Houston and spent nine days in July without power in our area deregulation is finest um although in all fairness I have a whole house generator so my house

is air condition but here's all the little things that people bringing up there's a myriad a ton T of disassociated that cannot be centrally managed issues the city can manage some things traffic lights the city can manage some things getting gas to gas stations the city can't manage insulin people going to the ER the city can't manage all sorts of tons of different things and so one thing trips off a wide variety of unmanaged events and there's where you becomes he was he's not a plant okay you had one I was going to say first first nine days was a really long time yeah but I mean like I I've lived in New York City for 27 years we had a

blackout in 2003 sorry I was going to say I lived in New York City in two like when the big brown out there was a big blackout in 2003 the city did not panic I mean everyone kept their cool granted the power went back on about 6 hours later you know the stores were giving away ice cream you know it was kind of a carnival atmosphere it was nice sunny day it wasn't like there wasn't a storm bearing down on us right but the mass panic that you might Envision that doesn't really happen we don't even have looting this time we did in 77 but this time things things are pretty cool now nine days

that might be different right right fair point so oh yeah this is good local perspective yeah so all the hotels are on solar grid that they went off the main grid I think it was at four or five years ago so they're all in their own grid they all PID for solar power you'll see them out in the desert uhuh different places kind of a good idea also we're a number one destination uh terrist City potential so we have systems we got a lot of number ones going on here um so in a regular place yes very much but even and then as far as people panic game how many were at Defcon last year how many were at the

bomb threat last year like no one panicked everyone was just okay I want to leave so what you'd also would see immediately is there's a lot of plane closed officers there's also a um fire station on the Strip which would immediately all go into an act until they know it wasn't a terrorist event great you're all falling into my webing over here so um I think it's f standing worth punctuating that it de it really matters how long the downtime is so we can usually have a downtime tolerance and a recovery time objective but most of these infrastructure plannings are not really thinking through how bad it can get and then on the solar panel

thing I'm going to call an audible and give this to one of our future [Laughter] speakers so for one hotel fair enough there might be a backup generator for the rest of them the way the grid is set up around the the strip there's small pockets of micro grids that would kick in for maybe four hours right um but other than that the solar can't actually this is one thing that's actually caused fights and riots in other cities as people believe that their solar is going to give them backup generation they were misss sold it by a whole bunch of installers over the years I'm going to get murdered for saying this by someone um but yeah they miss sold it over the

years and so people started to believe they'd spent all this money on backup generation and it was actually just a solar plant they couldn't do it so um there's this interesting feature of renewable energy that's also creating riots during outages which is fun so China it's all China it's all made in China yeah so some what are some common themes there so the the the duration of the outage matters right um how impactful it is to to life um it matters um size geographic area size I won't say [Laughter] that can we get in trouble for stuff like that good true right I I passed through something in the airport says if it happens here it happened here the

question of how long is it known now that's a great point right so when it initially happens there's a bunch of people that get deployed to start figuring that out but that's you know that never really gets out there it's like sitting at the gate it's like what's going on now so for the folks on the video the statement that art made which was very oh profound yes is that when the event happens while you're in the event you don't literally know the duration of the of the event right and people get mad generally when they don't have a planning Horizon because they don't know if they should stay or they should go or if they go where should they go yeah yep

that's a great point and the the other part that I'm not sure is a little more more difficult to pick up on and and Josh has educated me on this the other thing that we're relying on there is that the people that we're relying on aren't living the same Norm thing that we're living right so the firefighters have a place to go that has electricity and air conditioning the hospitals all those folks have a place to go and come back to work and help us out you had another point we believe that we believe that the city of Houston found nine fire station which the backup generators weren't even installed weren't installed they were there so repeat that in so the

the what he was say was that the city of Houston discovered nine nine fire stations had physically had generator but it wasn't installed perfect the regulations in the city you live in yeah really okay got repeat it so damn so uh those the regulations in the city you live in can also impact this in the case of Vegas air conditioning is fairly important hey um one thing who people who won't have fire is the laneman or Lane workers families is usually one of the more interesting if the whole city was out the people that actually need to come and probably fix something and check what's gone off generally also have families who will be stuck with

nothing and distracting Web is starting to get bigger yes I don't think I've heard it first thing I want to do is

look so the first thing first thing that might lead to some Panic is whether your cell phone still has coverage right so whether the tower is still alive so how big is this outage kind of to add to the the point of person over there that mentioned it and the regulation is um this past winter had a outage on the coast in Oregon and one of my co-workers with their solar that they were promised would work during the outage which was about a week found out as soon as power went out that the converter wasn't set up to flip over to the back it but it had never been tested and I I think that

kind of goes to a lot of the points of yeah there's no testing in a lot of it right good point so a false sense of security all right so I'm weaving a web here so let's take in a different scenario so let's talk about the Cyber Avenger attack so some pump controller I I could care less where it was made um I couldn't care less where it was made um so let's just say some device I think we talked a little bit about that with the tractors earlier some devices out there right that somebody's embedded some software into and they just side one day they wake up on the wrong side of the bed and they turn it all

off in the OT world the common well the the the best thing that we normally do is we just start replacing stuff so let's say this is a a crowd strike level controller so everybody's got four two one whatever so these things fail we can probably get by there's portable generators portable pumps um the water industry has got a lot of backups so we can probably throw something in there for a little while but we need to replace this controller so we're going to call who call the person that gave it to us right installed it for us so they're going to need okay so now I got this all of a sudden this tiny little company

that probably doesn't have you know who knows where they're made but all of a sudden they're going to get hit so the we're talking supply chain so let's start thinking about what happens in a supply chain around something like this so are they going to have a hundred of these things are they going to have 10 2,000 of these things sitting around most likely not well and and and be so the lead time on stuff like this is generally weeks um you know thanks to our friends in the automotive industry and justtin Time Manufacturing there's not a lot of spare inventory laying around um a lot of time s when we do capital projects one of the

line items in the capital project is to supply the project with spares critical spares um I am shocked at how many times it actually doesn't happen that that money ends up going somewhere else in the job and the shelves are bear yes sir I think you had commented earlier like this might be a small company maybe they don't have a whole lot of customer service reps uh this leads potentially to an information vacuum at which point malicious people might start taking advantage of the situation yeah

yep now I know this is a hypothetical but if I recall that compromise or quote scare quotes hacking was a password of one one one and couldn't we assume that if it's replaced by the same manufacturer that they the new Replacements also have said floss information vacuum do we even know at the time did we even know what it was right we just knew that this thing was acting up and this I if I recall right this actually didn't cause any damage this was a a threat that came up and I think one utility or two utilities actually had a problem I want to bring you back to your earlier slide about how many little water companies there actually

are this is not dealing with big water companies this is dealing with literally right there 151,000 different water companies how many of those and this is a question for you because you've been there would they even know what sub and what year installed that stuff so do they even know who to call do they even know they have a problem exactly short of oh it's not working now I have to go get someone like your company to come out and figure out why it's not working right and it's kind kind of like when air conditioning season starts anywhere in the country hbac companies are like king that's a great point so anyway what I was trying to do

here think of also the the toilet paper crisis right there was no real toilet paper crisis but we sure as hell manufactured one right and out of out of what what did somebody else have sorry that in the blue

shirt is if that's so with the pump controller if that's the one model that's everywhere then everything that's in stock is also that one model which means your supply chain problem is just your supply chains jumped just is is gone which means you have to go back to manufacturing right uh and redesign something or or whatever works and then the issue with the the paper the toilet paper um most it there was plenty of toilet paper the problem is it was in the wrong format because they had U the the toilet paper that went to corporate locations was was was in excess they had way too much of it but the toilet paper for home use was was there wasn't there

was actually a supply issue right because of where people were using it yep yep so just trying to get us to think a little bit about supply chain so first the first scenario was thinking about the the people and what you know is going on in your world this one's a little bit about supply chain so guess what let's bring them all together so city of Las Vegas uh a smarter presenter would have looked this up before the presentation uh I know there's a city the city has a um one major uh utility um but let's just say that the whole thing fails now how could it fail funny you should ask so um again Vegas probably isn't as bad but

let's pick maybe I should have picked a different location but if if somebody were to get into the controllers in the IC System and hit everything with the water Spike or water hammer does everybody know what that is water hammer so if I am uh if I change the direction or the the velocity quickly in water it creates something that it's basically the sound the speed of sound and it moves through the water pipe in a in a spike um and it generally sounds like somebody's hit the pipe with a hammer water hammer so you can hear these things in manufacturing that happens all the time well if you've got a pipe that's 70 80 years old it was only

supposed to be on the ground for 40 years old and you hit it with a spike that might be two or three times its design capacity brittle equipment overdesign pressure what might possibly happen poof right worse than that it's probably going to go poof in multiple locations not just one because a spike rolls through the whole whole system so that's the water hammer right so everybody learned a little process today and be on the test lock the door um so what we've got to do then is say okay well how big of a deal is it to create something like that well I could use a pump controller if I'm flowing and I'm keeping pressure um average water

pressure at somebody's house is about 60 lbs um 45 to to 80 is kind of what the rules are um but let's say we hit that thing are we can stop a pump we can stop a whole system so going from 60 lbs to zero or Zer to 60 lbs either way can cause a problem it's going to be a lot easier to stop it so we could stop it we could close a valve and send the shock wave through the system um either way we can create some pretty big problems right so so I don't want people to think that this isn't something that can can happen this is something that can happen there's a lot lot of lot of equipment in

place to keep these things from happening we uh we put devices on valves so that they they close very slowly regardless of what the control system's doing um so there's a lot of mechanical things in place but it can happen so let's just say we we take out a couple of the big Ms um that are feeding the whole system right or we take out a couple of plants so Josh has been wanting to talk about this for for weeks so so let's start down the process so there is no water turn on the tap we're all going to have water for a little while we're going to be a to flush the toilet for a little bit

because gravity is our friend in water right so you the reason we put water towers up that's a direct pipe to your house we don't control it it just however tall the tower is that's how much pressure you got at your house right and then there's Regulators throughout the system so there's all those tanks are going to have to empty out we're not going to be real we're not going to be able to refill them but somebody's going to be out there watering their grass in the middle of a water outage and all that water is going to go to somewhere it's not needed because we don't you know it's America we don't tell people what

to do so we don't control that stuff so couple of day maybe maybe we get by for 24 hours let's just say that we get by for 24 hours and now we now though you turn on the water faucet and it's done what happens next so you don't have water at home you don't have water at the office who else doesn't have water restaurants restaurants don't have water so electricity is still on so the food in the fridge is okay but you can't wash it or clean up or fire hydrants fire hydrants don't have water guess what your fire hydrants guess where they're fed from same place as your house I got one for you Dean sir uh the

data centers that need about five Gill 5 million gallons a day there's a couple of major hubs here those those can't those servers can't run without water agreed yes I will just make it simple yes so data so this uh concept of losing your Tower might be a real possibility my dentist office will close why would your dentist's office close David because without water the nice person can't spray water into my face as they clean my teeth okay fair so they'll close yeah and my teeth will not be clean that and that we don't want that no it will probably shut down the airport airport is going to shut down you can't run an airport you can't run

an airport without an air crash rescue Without fire trucks and if fire trucks don't have water they can't make foam and if you don't have a fire department you can't run air commercial airplanes what would happen here at the hotel we'd all cook no AC no restaurants no AC no restaurants no fire protection are you going to be able to occupy a building Without fire protection can fire with firewatch but most people are going to want to check out and go where airport so that's not going to work so where are they going to go next Rent A Car do you think there's enough rental cars here somebody said one word it was a very important

word started with an H H hospitals hos Hospital hospitals hospitals so we can't run a hospital without

water that's all right we just put off all the elective surgery oh wait there's already patience in there so all the people that we we were relying on to help us evacuate from here they don't have water either demigration population population what was that so we'll be able to use up some drinking water bottles for a little while right so Christian's Pro hopefully going to double click on this in his talk but uh not only does the hospital come to screeching help pretty quickly but the or surrounding population gets dehydrated and needs medical attention so decreased capacity combined with elevated require needs right so now do you start to see this cascading failure scenario right so we won't have to blor

this much more I think everybody sees where we're going with this um and nobody's running for the hills yet I thought maybe it's sign a good idea to build a city of maybe it's s a good idea to build a city of a million people in the middle of a desert put that into your tourism commission there um so anyway this concept of cascading failure to me is a fairly New Concept um you know we've all talked about our individual sectors having problems and what that does I I think Co and some other things and some of the advanced thinking that Josh and his guys are doing has been pretty interesting around this so um just talking through

some demand side users so we lose the water plant we lose our source of water residentials you're no longer going to be able to have portable Waters or sanitary water commercial buildings industrial energy not going to be able to make necessarily make water or make electricity for a while um after again after a period of time even the data centers you know they've got reserves right they're not making new water but eventually those reserves are going to evaporate um it just it just it rolls down so I wanted to show a couple of things so domestic water use in gallons per day um over here on the right um Josh was very keen on this because of

how this map correlates to other maps that are out there uh and and where these population centers are and how critical some of these you know there's critical infrastructure and then there's like critical infrastructure so you've got this and you know you map that against uh each circle here represents the size of water with all by county and this I I did this little one here over just to give you an idea so that's 2100 million gallons a day do anybody put that in perspective what a million gallons looks like again a smarter presenter would have put that together for you but again look at some of these dots right look where they are obviously big

cities but also out in the middle of nowhere where you're doing a lot of irrigation for Farms right so back to the Agriculture and food production so these things all start tying together look at Southern Idaho you think of that much right I thought that was interesting too Southern Idaho being all that down in there um Wyoming now we're into now we're into our uh geography part of the test right so that that I I got to figure that's some something to do with agriculture or are ranching Farms you know those sorts of food production things yes sir so in the previous slide it had like Idaho Utah so so uh yeah gallons per use

per person per person okay yeah I was going to say it's a lot less uh populated in yeah yeah that area it's a little misleading um you got to analyze it to pull the info outl yeah I could do that that'd be smart again a better presenter well that that's the percentages right so the colors are the gallons per day per user per person and then the percentages of the change just had a question um in this area Clark County everything indoors is recycled so the hotels to the homes so how affected are they by a loss of water supply fine so this was back uh I think this graph was from 2015 so that's a

recent development and so that wouldn't have been in here okay I was just kid no you're right you're right that's changing I mean challeng I wasn't I was asking how affected would we be by a loss of outside well again most recycled water isn't reused for portable water so you can use it to wash flush a toilet but you're not you most places you don't drink it so good point Thank you and that's and that's where we're getting smarter right to make ourselves more resilient couple quick points one it depends on where the break in the pipe is if it breaks in the pipe even if you're recycling you may not be able to get it back once you've sent it out

because your in is broken yeah and this was a lot of this is kind of interesting was covered in 2017 by a man named Michael Assante who went and wrote a very paper that everybody hated which said mega cities are set up to fail because of the Cross connection of all the intricacies yeah everything's and basically once things start to fail you can't stop it and that was not received well by any major government and then just to kind of wrap all this up so you know water isn't everything um and I I think that's the the point here of this sector is there needs to be a a better focus on it um for a variety of reasons there's not sir

just before you leave that last run there um one of the things I I'm still trying to learn I think this analysis of like consumption versus dependencies versus Nexus with food or Health Care is really important um and going to be looking at that with the the next 12 months or so yeah the part I don't have a good feel for yet is if there are bursts underground older pipes what is our best case recovery time and and that's for one city but these types of flaws are present in the supply chain for most cities most towns so how protracted could could this be and how would it be prioritized in this remediation depends on the how coordinated it is right

um I live in New York City we have water pipe bursts like every 2 weeks um it is a very common thing cuz pipes are very old right um it's just something we deal with it's accident though that's accidental um yeah yeah it's just just cuz the pipes aren't replaced um until they break uh but it's something we just live with yeah so we got about nine minutes left let me wrap up here and and get you moving so my fears um being in the industry um you know the infrastructure is brittle uh both physically and and whatever the other word is it just it we're just in a really dangerous spot um I believe that

the attackers are already out there practicing and because we're not out there collecting this information yes we do have a water ice sack as well um but it like everything else is you know more of a hands off um so I don't think without any kind of centralized monitoring you know if you work for the water utility you're probably not going to want to let the public know you've been hacked or you've got some problem right um you're already struggling to get every money every penny of R rate increase that you can now you're going to have to answer questions why you're not more prepared um and I'm my big fear is we're just bearing our heads because the

problem's too big it's a giant elephant you know you got Technologies out there that run the gamut of 40 years old to to just bought this last year it's a lot of problems to deal with and we're also hiding behind Insurance um a lot of Point Solutions hey we have crowd strike um you know so we look for a lot of Point things that can take this off my plate I can check the box when the when the survey comes out says have you dealt with such and such I can say yes I have whatever so for opportuni to engage um you know stay please stay come back tomorrow more solutions tomorrow um I I like uh I don't think we fully

vetted it yet but I like this concept Josh came up with shields up or uh or connectivity down um I'm kind of thinking of you know I I haven't been stayed engaged in this group as much during the the downtime that I've got um when I'm not here I'm trying to figure out how to stay engaged um if there's a a group of folks you know I'm thinking of things like the government does offer through sisa and nist and some other groups and the labs to go out to these utilities and do surveys um I'm thinking of what what we could do around that as well as doing some remediation not you know it's one

thing to know you have the problem um but that also presents its own problem um you know attend your meetings your local meetings learn about your Water Systems what are they doing to about it um chances are you might end up being the smartest person in the room on this topic uh if you start to think about the workforce that we've got back when I started what I needed to know I needed to know something about plc's the HMI the screens uh desktop computers Network switches and some other stuff today the amount of knowledge that that same person needs to know it's not possible to exist in one person however we're still only hiring one person to do that

job instead of five or six people that it really makes to do with the job so I'm sure that anybody's going to going to need the help um like I said we do have a water ick uh again it's the the industry is very touchy about releasing this sort of information and they'll hide behind a lot of stuff and um and that's it that's me so if you have any questions uh before after you can hit me on the email or a phone number and I I'm on the only social media I participate in is LinkedIn um and that's like once a week all right all right please join you and thank you de