IN THIS ISSUE
Message from the CEO
Cybersecurity: Be aware, stay safe
OCWA Board Announcements
Free Webinar: Harmful Algal Blooms
Update on CLI-ECA Applications
|
|
I hope that everyone enjoyed their summer and has managed the transition to the fall season well.
Over the past couple of months, we have seen most students return to the classroom, and more and more people who shifted to remote work in March 2020 starting to head back to the office.
However, despite an increasing semblance of normalcy in some areas, we do remain in a pandemic. At OCWA, we continue to follow enhanced health and safety protocols and to monitor the COVID-19 situation with our provincial partners. As always, our top priorities are the health and safety of our staff, and ensuring the reliable operation of our clients’ water and wastewater treatment facilities and the protection of their communities.
A critical part of ensuring safe and reliable operations is having robust cybersecurity measures in place – and this is the topic of Waterline’s lead story. In the article, we hear from OCWA’s VP of I & IT, Sav Chawla, about the importance of cybersecurity and how to manage threats. It’s a timely piece, with October marking Cyber Security Awareness Month.
|
|
This issue also features details on the final webinar in our 2021 OCWA Water Talk series (topic: harmful algal blooms) and information on the new Environmental Compliance Approval process for municipal collection and stormwater systems. In addition, we are pleased to introduce Hao (Artie) Li and Joe Farag, who recently joined our Board of Directors.
I hope that you enjoy this issue of Waterline. I am always happy to have this opportunity to connect with you. As many of you know, I am retiring from the Ontario Public Service at the end of 2021 – so the next issue in December will be my last. Until then, please feel free to reach out to me personally with any questions or comments you may have on the Agency and our services.
Stay safe and be well.
~ Nevin McKeown, President & CEO
|
|
Cybersecurity: Be aware, stay safe |
|
Incidents on the rise during the COVID-19 pandemic |
|
To mark Cyber Security Awareness Month, we spoke to Sav Chawla, Vice President of OCWA’s I & IT Division, about the importance of cybersecurity and how to manage threats.
Cybersecurity – the protection of internet-connected computer systems and networks from outside attacks – is one of the most serious economic and security challenges Canada and Canadians are facing, according to the Canadian Centre for Cyber Security.
That may not be news. But maybe this is: Since the onset of the COVID-19 pandemic, organizations in Canada and around the world have seen a rise in cybersecurity incidents affecting corporate devices (according to reports from IBM Security, Panda Security and others).
“One of the reasons is because more people are working remotely,” says Sav Chawla, OCWA’s Vice President of I & IT. “Even with excellent cybersecurity for work-at-home in place, organizations can face increased risk because people tend to behave differently at home than in the office.”
Risky behaviours
Risky behaviours include visiting unsafe websites while on a work device, allowing others in the household to use a work device, and using work devices for personal reasons. These behaviours put an organization’s network and data at risk.
One of the most common methods cyber attackers use against individuals is phishing. This is where an attacker poses as a legitimate source in an email. The goal is to trick the recipient into sharing confidential data such as credit card and login information or to install malware on the victim’s machine by encouraging them to click on a link.
Sometimes there will be obvious indications that the email is fraudulent. For example, the sender’s email address will contain a series of jumbled letters and numbers and the message will contain typos, grammar mistakes and strange capitalization. However, Chawla notes, cyber attackers are becoming increasingly sophisticated and we should all be extra vigilant.
Email addresses forged
“More and more, organizations are experiencing a specific type of phishing called spoofing. Your employees receive an email from a trusted source – such as a work colleague or supplier – asking for sensitive information. But in fact a cyber attacker has forged the sender’s address.”
|
|
What can organizations do to protect themselves? “Awareness is key,” says Chawla. “You can have the best cybersecurity measures in place, but your employees are your best line of defence against cyber attacks. Help them to develop good cybersecurity hygiene through regular and up-to-date communications and training.”
Simulation exercises
Organizations may want to consider phishing simulation exercises as part of their cybersecurity toolkit, says Chawla. During these simulations, an IT department sends out fake phishing emails and tracks how people react. Some staff will identify the email as suspicious and report it – whereas others will click the link in the email. The clickers will get a pop up alerting them to the simulation. “These exercises can be very effective in raising cybersecurity awareness. They provide a real wake-up call for some staff.”
While phishing and other cybersecurity attacks against individuals are on the rise, so are those targeting businesses and organizations as entities, including utilities. Chawla cites the case earlier this year where a computer hacker gained remote access to a water treatment facility in Oldsmar, Florida, and tried to compromise the water supply. A quick thinking operator was able to interrupt the real-time attack, avoiding a potential public health emergency.
Data held ransom
Increasingly, hackers are using a form of malware attack called ransomware against victims. The ransomware prevents users from accessing their systems or data and demands the organization pay to regain access. A number of Canadian municipalities have experienced ransomware attacks over the past several years.
In the face of these increased threats, Canadian utilities are being prompted to assess their cyber systems for vulnerabilities and take action to protect their operations. For example, Halifax Water, which provides drinking water, storm and wastewater services to more than 300,000 people, is looking to beef up its cybersecurity.
As a trusted water/wastewater operator, OCWA considers the protection of client data and operational systems to be a top priority, says Chawla. The Agency employs robust cybersecurity measures, such as real-time detection, intrusion protection, regular employee training on cybersecurity threats, and advanced anti-malware software (read more in this past Waterline article).
Educate staff
Chawla adds that it’s “vital for municipalities themselves to also have protocols in place to protect their water and wastewater systems. For example, ensuring that any third party contractors they hire are accessing the systems in a safe way.”
She also recommends that municipalities and all organizations educate staff (especially those working from home) on cybersecurity hygiene and provide a clear and easy way to report suspicious activity.
If you are an OCWA client and have questions about how we keep your data and systems safe, please reach out to your local representative or email ocwa@ocwa.com.
Additional Resources
|
|
OCWA is pleased to make the following Board announcements: |
|
Hao (Artie) Li is a Chartered Professional Accountant with eight years of professional experience. Hao graduated from the University of Toronto in 2013 with a degree in Accounting. He started his professional career with Ernst & Young LLP where he worked as a senior accountant and serviced clients from a wide array of industries such as Medical, Manufacture, Government Agencies, and Not-For-Profit organizations. Hao is currently the Chief Financial Officer of two publicly traded companies in the resources industry where he spearheaded multiple acquisition deals and managed operations from multiple foreign jurisdictions.
|
|
Joe Farag is a public finance professional with over 30 years’ experience, including 25 years in senior and executive management positions with the City of Toronto. In 2017 and 2018, Joe served as the City's Interim Chief Financial Officer, overseeing a $17-billion annual budget and providing strategic financial and policy advice to the Mayor and members of Council. Joe also served as the City’s Executive Director of Corporate Finance for a decade, with direct management oversight of the City’s multi-billion dollar investment portfolio and debt issuance programs, insurance and risk management, intergovernmental finance and corporate policy development including policies dealing with taxation, development charges and water and wastewater pricing and financing. Joe has developed and led many unique financing arrangements and public private partnerships to deliver major City building initiatives in the areas of transit expansion, affordable housing and social and recreational facilities. Joe holds a Bachelor of Commerce degree and a Masters Degree in Economics and Finance.
|
|
Free Webinar: Harmful Algal Blooms |
|
Don't miss the final webinar in our 2021 Water Talks series, Harmful Algal Blooms: Challenges, Monitoring and Management at Water and Wastewater Facilities, on Thursday, November 25th.
This Water Talk focuses on the emerging issue of responding to harmful algal blooms at water and wastewater facilities, which is a growing concern due to climate change. OCWA's Sangeeta Chopra, Director, Process Optimization and Technical Services, and Angela Storey, Director, Corporate Compliance, will explain the what, when and why of harmful algal blooms and their impact on meeting compliance requirements. Sangeeta and Angela will also share a few examples of monitoring and remediation steps taken across OCWA and provide high-level suggestions for monitoring.
Registration details are coming soon. Please contact your local OCWA representative or email ocwa@ocwa.com to get on our Water Talks mailing list or to see past Water Talks recordings.
Not able to attend? We will be starting up the series again in 2022!
|
|
Update on CLI-ECA Applications |
|
The Ministry of the Environment, Conservation and Parks (MECP) recently approved and started the implementation of a new and streamlined Environmental Compliance Approval (ECA) application process dedicated to municipal sewage collection systems and municipal stormwater management systems within the province.
A Consolidated Linear Infrastructure ECA (CLI-ECA) is a single approval that is intended to replace the numerous pipe-by-pipe sewage works ECAs that have been issued for these systems in the past. There are two applications that require submission: one for collection systems and one for stormwater.
The Owner is expected to submit applications electronically by these dates:
- January 21, 2022 (ToR, communities with combined sewers)
- February 18, 2022 (larger communities)
- March 18, 2022 (smaller communities, most northern and eastern Ontario)
The MECP will be holding webinars throughout the fall to discuss CLI, and how they plan to implement the approach. They will also be engaging with municipalities closer to their potential application submission date, to provide information on how to prepare these ECA applications.
The ministry may be providing some flexibility regarding the application date. Municipalities that feel they may be in a position to need an extension, or have questions for the MECP, should contact enviropermissions@ontario.ca.
If you are an OCWA client, your local team is also available for questions about the new application process or the services that we can provide to support you. Please feel free to contact your representative directly.
|
|
OCWA is an agency of the Province of Ontario mandated to provide safe, reliable
and cost-effective clean water services to the people of Ontario.
Copyright ©2021 Ontario Clean Water Agency. All Rights Reserved.
Waterline est disponible en français sur demande.
|
|
|
|
|
|
|
