To: Members of the Castle Rock Water Commission
From: Mark Marlowe, P.E., Director of Castle Rock Water
Shawn Griffith, Assistant Director of Operations
Nicolas Van Kooten, SCADA Superintendent
Title
Resolution to Adopt the 2025-2029 Supervisory Control and Data Acquisition (SCADA) Master Plan [Serves the entire Castle Rock Water Service Area] DRAFT
Town Council Agenda Date: February 18, 2025
Body
________________________________________________________________________________
Executive Summary
The Castle Rock Water (CRW) Supervisory Control and Data Acquisition (SCADA) Master Plan is the starting point for the development of the CRW SCADA system functional requirements. This Master Plan (MP) includes cybersecurity, Operational Technology (OT), telemetry, backhaul, programmable logic controllers (PLCs), and human-machine interface (HMI). During the planning effort, investigations are performed to determine all desired functions, features, and requirements for each subsystem (PLC, HMI, OT, cybersecurity, telemetry, backhaul).
Master planning provides a road map to address deficiencies within the existing SCADA system, considers new technologies, and documents present and future system requirements. This high-level path was fully initiated with the onboarding of Jacobs Engineering in 2019. They were contracted to conduct a complete evaluation of the current SCADA system. They interviewed CRW staff in an attempt to address all the needs of the stakeholders, including engineering, operations, maintenance, safety, security, management, and the residents of Castle Rock.
Notification and Outreach Efforts
This project is a security-sensitive project and no outreach is anticipated.
History of Past Town Council, Boards & Commissions, or Other Discussions
Castle Rock Water Commission was provided with a presentation on the SCADA Master Plan on December 11, 2019, and voted to recommend Council approval. Town Council adopted the 2019 SCADA Master Plan Update on December 17, 2019. The 2019-2024 SCADA MP was approved by the Town Council in 2021.
Discussion
The 2025-2029 SCADA MP provides an updated and modernized version of the previous SCADA MP. On January 18, 2024, CRW received Town Manager approval for Tetra Tech to update the MP for 2025-2029. This update considers several factors that warrant additional clarification and review. It identifies the status of the recommended projects from the previous MPs and recommends new projects to optimize CRW’s performance and resiliency.
The 2019-2024 MP identified infrastructure elements including PLCs, HMI, communication backhaul, and telemetry, that were outdated due to the changing landscape of cybersecurity regulations and evolving technology. As a result, technology specifications were updated again in the 2025-2029 MP version.
The new MP recommends nine specific goals, to be completed within the next four years:
1. Outstanding Project Closure
2. Cybersecurity
3. SCADA Standardization
4. Complete Facility List
5. Documentation and Procedure Standardization
6. Physical Security
7. Staffing
8. Data Study
9. Computerized Maintenance Management System (CMMS)
Staff has begun working on the most urgent goals of Cybersecurity and Staffing. The Cybersecurity Projects Addendum review serves multiple functions, the foremost of which is the All-Hazards Assessment, assigned to Tetra Tech in January of 2025. This will examine CRW’s OT vulnerabilities for America's Water Infrastructure Act (AWIA) compliance due March 31, 2025.
The MP update also addressed the need for specific OT specialty staff members. The new MP addresses staffing in Section 5.1 and recommends the need for seven OT Support Positions:
1. PLC Programming Engineer
2. HMI Systems Engineer
3. Field Instrument Technicians
4. Network Engineer
5. Systems Administrator Engineer/Server Specialist
6. Cybersecurity Engineer
7. Chief Information Security Officer (CISO)
These OT Support positions are unique to the Water Utility SCADA Industry and are not to be confused with Information Technology positions. SCADA controls are subject to strict local and national regulations requiring staff with advanced water and wastewater system knowledge. CRW currently employs staff with some of the above skills, but staffing levels are not adequate to ensure that operational and cybersecurity needs are met.
The 2025-2029 SCADA MP identified in Section 5.1, the need to hire an Operational Technology (OT) “Network Engineer”, as the individual who maintains the network and maintains CRW’s SCADA/OT servers as well as an OT “Systems Administrator”. These two positions will ensure that cybersecurity and staffing levels are met.
All MPs are guidance documents for organizations to follow. CRW is committed to providing safe and reliable water to Town residents. To do so, a safe, reliable, and secure SCADA system must be in place. The SCADA MP 2025-2029 provides staff a compass to use when expanding, upgrading, and protecting CRW’s SCADA system.
Staff Recommendation
Staff recommends the adoption of the 2025-2029 SCADA Master Plan.
Proposed Motion
“I move to recommend to Town Council approval of the Resolution as presented”